Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Pop-unders - cpv.srv-ad.com and t.cpa37

Started by missmoody , Aug 18 2012 08:17 PM

  • Please log in to reply

#1
missmoody
Posted 18 August 2012 - 08:17 PM

missmoody

    Member

  • Member
  • PipPip
  • 17 posts
Hi,

I keep getting pop-unders from cpv.srv-ad.com and t.cpa37 and notice that pages are taking longer than usual to load. I've run several scans, including Webroot, MBAM, Hitman Pro, Ad-Aware, IObit, Spybot S&D, SUPERAntiSpyware, Anvi Smart Defender and Stopzilla. Stopzilla is the only one that found anything of note (the rest found nothing or cookies) and detected numerous threats (I have the log if you need it), but I only have the free version which doesn't repair. I hope you are able to help me. Here's the log you asked for, thank you so much.



OTL logfile created on: 19/8/2012 2:23:54 AM - Run 1
OTL by OldTimer - Version 3.2.58.0 Folder = C:\Users\BooHoo\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: d/M/yyyy

3.22 Gb Total Physical Memory | 1.36 Gb Available Physical Memory | 42.20% Memory free
6.43 Gb Paging File | 4.00 Gb Available in Paging File | 62.15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 500.47 Gb Total Space | 325.72 Gb Free Space | 65.08% Space Free | Partition Type: NTFS
Drive E: | 232.88 Gb Total Space | 153.60 Gb Free Space | 65.96% Space Free | Partition Type: NTFS
Drive G: | 9.77 Gb Total Space | 9.68 Gb Free Space | 99.10% Space Free | Partition Type: NTFS
Drive I: | 244.14 Gb Total Space | 15.90 Gb Free Space | 6.51% Space Free | Partition Type: NTFS
Drive J: | 83.92 Gb Total Space | 6.28 Gb Free Space | 7.49% Space Free | Partition Type: NTFS
Drive L: | 85.18 Gb Total Space | 37.42 Gb Free Space | 43.93% Space Free | Partition Type: NTFS

Computer Name: BOOHOO-PC | User Name: BooHoo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/19 02:11:32 | 000,598,016 | ---- | M] (OldTimer Tools) -- C:\Users\BooHoo\Desktop\OTL.exe
PRC - [2012/07/31 01:56:32 | 000,483,024 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\st_rsser.exe
PRC - [2012/07/30 18:01:02 | 003,075,920 | ---- | M] (Emsisoft GmbH) -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe
PRC - [2012/07/20 09:11:38 | 000,686,408 | ---- | M] (Anvisoft) -- C:\Program Files\Anvisoft\Anvi Smart Defender\ASDSrv.exe
PRC - [2012/07/18 04:35:45 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/07/16 15:31:32 | 007,445,416 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version7\TeamViewer.exe
PRC - [2012/07/16 15:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012/07/16 15:31:32 | 002,280,872 | ---- | M] (TeamViewer GmbH) -- c:\Program Files\TeamViewer\Version7\TeamViewer_Desktop.exe
PRC - [2012/07/16 15:22:42 | 000,106,408 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version7\tv_w32.exe
PRC - [2012/07/12 18:32:22 | 001,239,952 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
PRC - [2012/07/12 18:32:18 | 018,832,264 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Ad-Aware Antivirus\AdAware.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/07/02 17:41:09 | 000,688,360 | ---- | M] (Webroot) -- C:\Program Files\Webroot\WRSA.exe
PRC - [2012/06/23 22:55:28 | 001,535,176 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
PRC - [2012/06/19 13:44:22 | 002,784,256 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
PRC - [2012/06/19 13:44:22 | 000,777,728 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
PRC - [2012/06/18 21:13:46 | 000,394,712 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
PRC - [2012/03/30 20:08:14 | 000,187,008 | ---- | M] () -- C:\Program Files\GfK Internet-Monitor\GfK-Updater.exe
PRC - [2012/03/30 20:08:14 | 000,109,184 | ---- | M] () -- C:\Program Files\GfK Internet-Monitor\GfK-Reporting.exe
PRC - [2012/03/04 06:39:33 | 001,592,160 | ---- | M] () -- C:\Users\BooHoo\AppData\Roaming\Mikogo 4\M4-Capture.exe
PRC - [2012/02/29 17:30:43 | 000,815,104 | ---- | M] (Epitiro Ltd.) -- C:\Program Files\Broadband Test Application\BroadbandTestApp.exe
PRC - [2012/01/16 11:04:46 | 001,007,472 | ---- | M] () -- C:\Users\BooHoo\AppData\Roaming\Mikogo 4\M4-Service.exe
PRC - [2012/01/13 01:55:02 | 000,107,000 | ---- | M] (Siber Systems) -- C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2012/01/09 20:17:44 | 000,821,592 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
PRC - [2012/01/03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/12/19 13:20:06 | 003,289,032 | ---- | M] (GFI Software) -- C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
PRC - [2011/10/21 10:09:36 | 000,198,032 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2011/10/05 16:46:52 | 003,578,272 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2011/10/05 16:45:56 | 000,130,976 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDHookSvc.exe
PRC - [2011/10/05 16:45:42 | 000,169,624 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2011/10/05 16:45:40 | 000,955,816 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2011/10/05 16:45:38 | 000,892,336 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2011/08/19 10:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/08/12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 22:29:19 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/14 02:14:41 | 000,354,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\StikyNot.exe
PRC - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2006/12/11 13:12:06 | 000,537,520 | ---- | M] ( ) -- C:\Windows\System32\lxcrcoms.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/18 04:35:45 | 002,003,424 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/06/23 22:55:27 | 009,459,912 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_3_300_262.dll
MOD - [2011/10/05 14:53:06 | 000,576,000 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\JSDialogPack150.bpl
MOD - [2011/04/20 13:39:12 | 000,565,827 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
MOD - [2011/03/24 15:31:58 | 000,233,472 | ---- | M] () -- C:\Program Files\Broadband Test Application\SpeedTestClient.dll
MOD - [2010/07/22 15:43:06 | 000,077,824 | ---- | M] () -- C:\Program Files\Broadband Test Application\CrashRpt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDWSCService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDUpdateService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDScannerService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDHookService)
SRV - [2012/08/15 05:05:29 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/31 01:56:32 | 000,483,024 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Program Files\Spyware Terminator\st_rsser.exe -- (ST2012_Svc)
SRV - [2012/07/30 18:01:02 | 003,075,920 | ---- | M] (Emsisoft GmbH) [Auto | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)
SRV - [2012/07/20 09:11:38 | 000,686,408 | ---- | M] (Anvisoft) [Auto | Running] -- C:\Program Files\Anvisoft\Anvi Smart Defender\ASDSrv.exe -- (asdsrv)
SRV - [2012/07/18 04:35:45 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/16 15:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012/07/12 18:32:22 | 001,239,952 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/07/03 13:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/07/02 17:41:09 | 000,688,360 | ---- | M] (Webroot) [Auto | Running] -- C:\Program Files\Webroot\WRSA.exe -- (WRSVC)
SRV - [2012/06/19 13:44:22 | 000,777,728 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe -- (Kodak AiO Status Monitor Service)
SRV - [2012/06/18 21:13:46 | 000,394,712 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)
SRV - [2012/03/30 20:08:14 | 000,187,008 | ---- | M] () [Auto | Running] -- C:\Program Files\GfK Internet-Monitor\GfK-Updater.exe -- (GfK-Update-Service)
SRV - [2012/03/30 20:08:14 | 000,109,184 | ---- | M] () [Auto | Running] -- C:\Program Files\GfK Internet-Monitor\GfK-Reporting.exe -- (GfK-Reporting-Service)
SRV - [2012/02/29 17:30:43 | 000,815,104 | ---- | M] (Epitiro Ltd.) [Auto | Running] -- C:\Program Files\Broadband Test Application\BroadbandTestApp.exe -- (bbtest_svc)
SRV - [2012/01/16 11:04:46 | 001,007,472 | ---- | M] () [Auto | Running] -- C:\Users\BooHoo\AppData\Roaming\Mikogo 4\M4-Service.exe -- (M4-Service)
SRV - [2012/01/10 00:19:06 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012/01/09 20:17:44 | 000,821,592 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)
SRV - [2012/01/03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/12/19 13:20:06 | 003,289,032 | ---- | M] (GFI Software) [Auto | Running] -- C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe -- (SBAMSvc)
SRV - [2011/08/19 10:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/08/12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2006/12/11 13:12:06 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxcrcoms.exe -- (lxcr_device)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | System | Running] -- C:\Program Files\Spybot -- (SDHookDriver)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nlndis.sys -- (NLNdisPT)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nlndis.sys -- (NLNdisMP)
DRV - [2012/08/18 04:36:10 | 000,031,560 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV - [2012/07/13 06:49:52 | 000,014,160 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\asdws.sys -- (asdws)
DRV - [2012/07/13 06:49:50 | 000,022,864 | ---- | M] (Anvisoft) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\asdrs.sys -- (asdrs)
DRV - [2012/07/13 06:49:50 | 000,016,208 | ---- | M] (Anvisoft) [File_System | System | Running] -- C:\Windows\System32\drivers\asdrm.sys -- (asdrm)
DRV - [2012/07/05 13:53:38 | 000,019,832 | ---- | M] (IObit.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\win7_x86\UrlFilter.sys -- (UrlFilter)
DRV - [2012/07/05 13:53:36 | 000,030,640 | ---- | M] (IObit.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\win7_x86\RegFilter.sys -- (RegFilter)
DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/07/02 17:41:11 | 000,111,632 | ---- | M] (Webroot) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\WRkrn.sys -- (WRkrn)
DRV - [2012/04/30 18:45:28 | 000,054,072 | ---- | M] (Emsisoft GmbH) [File_System | On_Demand | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2accx86.sys -- (a2acc)
DRV - [2012/04/06 19:15:10 | 000,033,512 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2012/01/18 16:55:56 | 000,016,472 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\pwdrvio.sys -- (pwdrvio)
DRV - [2012/01/18 16:55:54 | 000,011,104 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\pwdspio.sys -- (pwdspio)
DRV - [2012/01/05 18:07:20 | 000,020,336 | ---- | M] (IObit) [File_System | On_Demand | Stopped] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\win7_x86\FileMonitor.sys -- (FileMonitor)
DRV - [2012/01/04 15:28:36 | 000,016,128 | ---- | M] (Windows ® Win 7 DDK provider) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\gtkdrv.sys -- (TrojanKillerDriver)
DRV - [2011/12/19 12:44:24 | 000,093,816 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sbhips.sys -- (sbhips)
DRV - [2011/11/29 06:59:52 | 000,077,816 | ---- | M] (GFI Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\sbapifs.sys -- (sbapifs)
DRV - [2011/10/26 14:23:40 | 000,101,112 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2011/08/19 10:26:50 | 004,334,624 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2011/08/19 10:26:46 | 000,315,808 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2011/07/29 14:54:56 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\epmntdrv.sys -- (epmntdrv)
DRV - [2011/07/29 14:54:56 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2011/07/22 17:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 22:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/06/21 11:24:06 | 000,032,768 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\sp_rsdrv2.sys -- (sp_rsdrv2)
DRV - [2011/05/19 14:10:34 | 000,017,904 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys -- (A2DDA)
DRV - [2010/11/20 22:29:34 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 22:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 22:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 22:29:03 | 000,112,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - [2010/11/20 22:29:03 | 000,077,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV - [2010/11/20 22:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010/11/20 22:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 22:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 22:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010/11/20 22:29:03 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\terminpt.sys -- (terminpt)
DRV - [2010/11/20 22:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 22:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/10/01 20:40:00 | 001,149,552 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2010/03/24 11:08:08 | 000,028,160 | ---- | M] (OPTO ELECTRONICS CO.,LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\optovcm.sys -- (optovcm)
DRV - [2010/03/24 11:08:08 | 000,022,016 | ---- | M] (OPTO ELECTRONICS CO.,LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\optousb.sys -- (optousb)
DRV - [2009/07/13 23:02:47 | 000,050,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2009/04/29 16:37:26 | 000,025,088 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTERx86)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?r...opt=0&ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1F 79 33 19 6E 77 CD 01 [binary data]
IE - HKCU\..\URLSearchHook: {93a3111f-4f74-4ed8-895e-d9708497629e} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "PeepsPay Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "PeepsPay Customized Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..network.proxy.type: 0

FF - user.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@VideoDownloadConverter_4z.com/Plugin: C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\NP4zStub.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\BooHoo\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\BooHoo\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2012/01/13 01:55:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/01/21 02:34:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2012/02/11 00:27:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/08/09 23:03:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\GfK Internet-Monitor [2012/08/19 02:13:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\4zffxtbr@VideoDownloadConverter_4z.com: C:\Program Files\VideoDownloadConverter_4z\bar\1.bin
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/08/18 16:10:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/08/08 19:28:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/08/18 16:10:37 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/08/08 19:28:31 | 000,000,000 | ---D | M]

[2012/01/13 01:41:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\BooHoo\AppData\Roaming\Mozilla\Extensions
[2012/08/18 16:10:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\BooHoo\AppData\Roaming\Mozilla\Firefox\Profiles\i1h185fb.default\extensions
[2012/01/13 03:26:49 | 000,000,000 | ---D | M] ("UserZoom survey tool") -- C:\Users\BooHoo\AppData\Roaming\Mozilla\Firefox\Profiles\i1h185fb.default\extensions\{0a9de085-6dc7-4bc8-b718-2b6b0921458d}
[2012/08/18 16:10:26 | 000,000,000 | ---D | M] (Ad-Aware Security Toolbar) -- C:\Users\BooHoo\AppData\Roaming\Mozilla\Firefox\Profiles\i1h185fb.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
[2012/07/16 23:08:09 | 000,000,000 | ---D | M] (Swag Bucks Community Toolbar) -- C:\Users\BooHoo\AppData\Roaming\Mozilla\Firefox\Profiles\i1h185fb.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}
[2012/03/30 19:50:00 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\BooHoo\AppData\Roaming\Mozilla\Firefox\Profiles\i1h185fb.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/07/08 23:44:08 | 000,000,000 | ---D | M] (Advanced Cookie Manager) -- C:\Users\BooHoo\AppData\Roaming\Mozilla\Firefox\Profiles\i1h185fb.default\extensions\[email protected]
[2012/08/18 05:27:11 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\BooHoo\AppData\Roaming\Mozilla\Firefox\Profiles\i1h185fb.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
[2012/08/15 01:01:21 | 000,000,000 | ---D | M] (UserZoom Survey Tool) -- C:\Users\BooHoo\AppData\Roaming\Mozilla\Firefox\Profiles\i1h185fb.default\extensions\userzoom_survey_tool@jetpack
[2009/01/06 16:45:35 | 000,001,728 | ---- | M] () -- C:\Users\BooHoo\AppData\Roaming\Mozilla\Firefox\Profiles\i1h185fb.default\searchplugins\aim-search.xml
[2011/09/08 23:46:21 | 000,002,575 | ---- | M] () -- C:\Users\BooHoo\AppData\Roaming\Mozilla\Firefox\Profiles\i1h185fb.default\searchplugins\askcom.xml
[2008/12/13 01:39:48 | 000,001,504 | ---- | M] () -- C:\Users\BooHoo\AppData\Roaming\Mozilla\Firefox\Profiles\i1h185fb.default\searchplugins\imdb.xml
[2012/08/12 14:50:40 | 000,001,540 | ---- | M] () -- C:\Users\BooHoo\AppData\Roaming\Mozilla\Firefox\Profiles\i1h185fb.default\searchplugins\swagbuckscom.xml
[2012/05/17 09:23:16 | 000,003,915 | ---- | M] () -- C:\Users\BooHoo\AppData\Roaming\Mozilla\Firefox\Profiles\i1h185fb.default\searchplugins\sweetim.xml
[2009/11/22 14:06:35 | 000,001,201 | ---- | M] () -- C:\Users\BooHoo\AppData\Roaming\Mozilla\Firefox\Profiles\i1h185fb.default\searchplugins\winamp-search.xml
[2010/06/16 21:39:38 | 000,004,153 | ---- | M] () -- C:\Users\BooHoo\AppData\Roaming\Mozilla\Firefox\Profiles\i1h185fb.default\searchplugins\youtube.xml
[2012/06/12 22:55:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/01/21 02:34:37 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012/08/19 02:13:57 | 000,000,000 | ---D | M] (GfK Internet-Monitor) -- C:\PROGRAM FILES\GFK INTERNET-MONITOR
[2012/08/11 04:24:34 | 000,340,132 | ---- | M] () (No name found) -- C:\USERS\BOOHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I1H185FB.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
[2012/07/24 01:21:16 | 000,702,524 | ---- | M] () (No name found) -- C:\USERS\BOOHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I1H185FB.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI
[2012/07/13 03:14:34 | 000,223,394 | ---- | M] () (No name found) -- C:\USERS\BOOHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I1H185FB.DEFAULT\EXTENSIONS\[email protected]
[2012/07/18 04:35:45 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/06/20 17:54:54 | 000,091,584 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/11/10 06:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/06/20 17:54:56 | 000,091,584 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2011/12/09 18:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012/02/19 16:56:57 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/19 16:56:57 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\BooHoo\AppData\Local\Google\Chrome\Application\21.0.1180.60\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\BooHoo\AppData\Local\Google\Chrome\Application\21.0.1180.60\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\BooHoo\AppData\Local\Google\Chrome\Application\21.0.1180.60\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\BooHoo\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll
CHR - plugin: Gacela Plugin (Enabled) = C:\Users\BooHoo\AppData\Local\Google\Chrome\User Data\Default\Extensions\igkejcihojcegdmifcnlkhmnelneogef\12.1.1096_0\plugin/npgacela.dll
CHR - plugin: registryAccess (Enabled) = C:\Users\BooHoo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaaaooaijelonlmbcbjkocdnicdfmo\7.15.2.0_0\background/registryAccess.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U30 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Google Update (Enabled) = C:\Users\BooHoo\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - Extension: Spybot - Search & Destroy = C:\Users\BooHoo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahmcccagmbagkpbdgpammblejlmiempb\2.0.6.819_0\
CHR - Extension: YouTube = C:\Users\BooHoo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\BooHoo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: GfK Internet-Monitor = C:\Users\BooHoo\AppData\Local\Google\Chrome\User Data\Default\Extensions\igkejcihojcegdmifcnlkhmnelneogef\12.1.1096_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\BooHoo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Users\BooHoo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Spybot - Search & Destroy = C:\Users\BooHoo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahmcccagmbagkpbdgpammblejlmiempb\2.0.6.819_0\
CHR - Extension: YouTube = C:\Users\BooHoo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\BooHoo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: GfK Internet-Monitor = C:\Users\BooHoo\AppData\Local\Google\Chrome\User Data\Default\Extensions\igkejcihojcegdmifcnlkhmnelneogef\12.1.1096_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\BooHoo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Users\BooHoo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/08/17 06:26:34 | 000,000,036 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {312f84fb-8970-4fd3-bddb-7012eac4afc9} - No CLSID value found.
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (GfK Internet-Monitor) - {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} - C:\Program Files\GfK Internet-Monitor\Gacela2.dll (GfK)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()
O2 - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {c547c6c2-561b-4169-a2a5-20ba771ca93b} - No CLSID value found.
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - {48586425-6bb7-4f51-8dc6-38c88e3ebb58} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKLM\..\Toolbar: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()
O3 - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (no name) - {d84a64a0-f2b2-4975-b264-3a3bce8d57d6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [Conime] %windir%\system32\conime.exe File not found
O4 - HKLM..\Run: [EKStatusMonitor] C:\Program Files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [WRSVC] C:\Program Files\Webroot\WRSA.exe (Webroot)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRunOnce = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRunOnce = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFile = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRunOnce = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRunOnce = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFile = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Search the Web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O8 - Extra context menu item: Show RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra 'Tools' menuitem : About GfK Internet-Monitor - {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} - C:\Program Files\GfK Internet-Monitor\Gacela2.dll (GfK)
O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {EBB176D2-AF75-4706-832F-4C8448F72757} http://www.shopandsc.../TNSClickrc.CAB (TNSClickerc.Clicker)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0DDE4D30-C5C0-4575-A402-A54BB79768BA}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O29 - HKLM SecurityProviders - (msapsspc.dll) - File not found
O29 - HKLM SecurityProviders - (digest.dll) - File not found
O29 - HKLM SecurityProviders - (msnsspc.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{5b986135-3e06-11e1-a05f-8c89a5644f4f}\Shell - "" = AutoRun
O33 - MountPoints2\{5b986135-3e06-11e1-a05f-8c89a5644f4f}\Shell\AutoRun\command - "" = F:\wubi.exe --cdmenu
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/19 02:11:23 | 000,598,016 | ---- | C] (OldTimer Tools) -- C:\Users\BooHoo\Desktop\OTL.exe
[2012/08/18 21:10:42 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/08/18 16:12:23 | 000,000,000 | ---D | C] -- C:\Users\BooHoo\AppData\Local\adaware
[2012/08/18 16:12:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
[2012/08/18 16:12:09 | 000,093,816 | ---- | C] (GFI Software) -- C:\Windows\System32\drivers\sbhips.sys
[2012/08/18 16:11:49 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\VDD
[2012/08/18 16:10:36 | 000,000,000 | ---D | C] -- C:\Users\BooHoo\AppData\Local\adawarebp
[2012/08/18 16:10:30 | 000,000,000 | ---D | C] -- C:\Program Files\Toolbar Cleaner
[2012/08/18 16:10:15 | 000,000,000 | ---D | C] -- C:\Program Files\adawaretb
[2012/08/18 15:43:40 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2012/08/18 05:28:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2012/08/18 05:28:06 | 000,000,000 | ---D | C] -- C:\Program Files\Ad-Aware Antivirus
[2012/08/18 05:28:01 | 000,000,000 | ---D | C] -- C:\Users\BooHoo\AppData\Local\Downloaded Installations
[2012/08/18 05:27:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2012/08/18 05:25:55 | 000,000,000 | ---D | C] -- C:\Users\BooHoo\AppData\Roaming\Ad-Aware Antivirus
[2012/08/18 04:04:52 | 000,000,000 | ---D | C] -- C:\Users\BooHoo\AppData\Roaming\Malwarebytes
[2012/08/18 04:04:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/18 04:04:39 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/08/18 04:04:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/08/18 03:53:18 | 000,000,000 | ---D | C] -- C:\Users\BooHoo\AppData\Roaming\EurekaLog
[2012/08/17 22:25:37 | 000,000,000 | ---D | C] -- C:\Users\BooHoo\AppData\Local\{70BD7889-5302-4CB4-B4C8-5A8FE58BF19D}
[2012/08/17 22:25:19 | 000,000,000 | ---D | C] -- C:\Users\BooHoo\AppData\Local\{52C7AF0A-E04C-4DB8-AC70-D533F4ADBAF9}
[2012/08/17 22:25:07 | 000,000,000 | ---D | C] -- C:\Users\BooHoo\AppData\Local\{7853D833-C25F-4881-B898-E6420E1C3BDB}
[2012/08/17 22:24:56 | 000,000,000 | ---D | C] -- C:\Users\BooHoo\AppData\Local\{B2217798-CEB0-444A-A9AB-AAD79828EEF9}
[2012/08/17 04:20:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
[2012/08/17 04:19:46 | 000,000,000 | ---D | C] -- C:\Program Files\Emsisoft Anti-Malware
[2012/08/17 04:19:46 | 000,000,000 | ---D | C] -- C:\Users\BooHoo\Documents\Anti-Malware
[2012/08/17 04:13:25 | 000,000,000 | ---D | C] -- C:\Users\BooHoo\Desktop\Security
[2012/08/17 04:12:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft Trojan Killer
[2012/08/17 04:12:44 | 000,000,000 | ---D | C] -- C:\Program Files\GridinSoft Trojan Killer
[2012/08/17 03:35:47 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012/08/17 03:08:46 | 000,000,000 | ---D | C] -- C:\Program Files\VirusTotalUploader2
[2012/08/17 03:08:46 | 000,000,000 | ---D | C] -- C:\Users\BooHoo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirusTotal Uploader 2.0
[2012/08/13 23:53:46 | 000,000,000 | ---D | C] -- C:\Users\BooHoo\AppData\Roaming\Spyware Terminator
[2012/08/13 23:53:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Spyware Terminator
[2012/08/13 23:53:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Terminator 2012
[2012/08/13 23:52:28 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Terminator
[2012/08/13 23:45:09 | 000,000,000 | ---D | C] -- C:\Users\BooHoo\AppData\Roaming\WinPatrol
[2012/08/12 07:44:48 | 000,000,000 | ---D | C] -- C:\Users\BooHoo\AppData\Roaming\Anvisoft
[2012/08/12 07:29:39 | 000,022,864 | ---- | C] (Anvisoft) -- C:\Windows\System32\drivers\asdrs.sys
[2012/08/12 07:29:39 | 000,016,208 | ---- | C] (Anvisoft) -- C:\Windows\System32\drivers\asdrm.sys
[2012/08/12 07:29:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvisoft
[2012/08/12 07:29:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Anvisoft
[2012/08/12 07:29:38 | 000,000,000 | ---D | C] -- C:\Program Files\Anvisoft
[2012/08/12 07:27:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
[2012/08/12 07:24:42 | 000,000,000 | ---D | C] -- C:\Users\BooHoo\AppData\Roaming\IObit
[2012/08/12 07:23:08 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2012/08/12 07:08:21 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/08/12 07:07:03 | 000,131,072 | ---- | C] (FoolishIT.com) -- C:\Windows\goog.exe
[2012/08/12 06:58:56 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012/08/12 06:22:26 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/08/11 03:34:16 | 000,000,000 | ---D | C] -- C:\Users\BooHoo\temp
[2012/08/08 19:28:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
[2012/08/08 19:28:28 | 000,000,000 | ---D | C] -- C:\Program Files\Coupons
[2012/08/08 05:03:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dendera Casino
[2012/08/08 05:02:40 | 000,000,000 | ---D | C] -- C:\Program Files\DenderaCasino
[2012/08/06 20:54:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/08/06 04:36:19 | 000,000,000 | ---D | C] -- C:\Rummy Royal
[2012/08/06 04:36:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rummy Royal
[2012/08/04 17:09:40 | 000,000,000 | ---D | C] -- C:\Users\BooHoo\AppData\Roaming\KODAK AiO Home Center1497227906
[2012/08/04 16:52:20 | 000,000,000 | ---D | C] -- C:\Users\BooHoo\AppData\Local\Eastman_Kodak_Company
[2012/08/04 16:50:14 | 000,000,000 | ---D | C] -- C:\Users\BooHoo\AppData\Local\Eastman Kodak Company
[2012/08/04 16:49:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kodak
[2012/08/04 16:49:18 | 000,000,000 | ---D | C] -- C:\Windows\System32\kodak
[2012/08/04 16:47:09 | 000,000,000 | ---D | C] -- C:\Program Files\Kodak
[2012/08/04 16:35:28 | 000,000,000 | ---D | C] -- C:\Users\BooHoo\AppData\Roaming\Temp
[2012/08/04 16:35:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Kodak
[2012/08/04 04:15:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/08/04 04:13:16 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012/08/02 18:41:34 | 000,000,000 | ---D | C] -- C:\Users\BooHoo\AppData\Roaming\SUPERAntiSpyware.com
[2012/08/02 18:41:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/08/02 18:41:16 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/08/02 18:41:16 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/08/02 00:08:40 | 000,000,000 | ---D | C] -- C:\Users\BooHoo\AppData\Roaming\Microgaming
[2012/08/02 00:06:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unibet
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/19 02:50:03 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4226728602-844740211-3379392126-1000UA.job
[2012/08/19 02:12:54 | 000,026,112 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/19 02:12:54 | 000,026,112 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/19 02:11:32 | 000,598,016 | ---- | M] (OldTimer Tools) -- C:\Users\BooHoo\Desktop\OTL.exe
[2012/08/19 02:04:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/18 22:12:47 | 000,000,312 | ---- | M] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2012/08/18 22:12:46 | 000,000,444 | ---- | M] () -- C:\Windows\tasks\IsposureAgent.job
[2012/08/18 22:12:29 | 000,000,828 | ---- | M] () -- C:\Users\Public\Desktop\Webroot SecureAnywhere.lnk
[2012/08/18 22:12:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/18 22:11:23 | 2589,908,992 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/18 17:50:04 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4226728602-844740211-3379392126-1000Core.job
[2012/08/18 16:10:46 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/08/18 15:53:31 | 003,720,576 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/08/18 04:56:39 | 000,626,844 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/08/18 04:56:39 | 000,107,160 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/08/18 04:53:47 | 000,002,243 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/08/18 04:36:10 | 000,031,560 | ---- | M] () -- C:\Windows\System32\drivers\mbamchameleon.sys
[2012/08/17 06:26:34 | 000,000,036 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/08/17 04:20:06 | 000,001,073 | ---- | M] () -- C:\Users\BooHoo\Application Data\Microsoft\Internet Explorer\Quick Launch\Emsisoft Anti-Malware.lnk
[2012/08/16 15:53:29 | 000,000,312 | ---- | M] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2012/08/15 16:01:20 | 000,260,819 | ---- | M] () -- C:\Users\BooHoo\Desktop\M&S evoucher.pdf
[2012/08/15 03:40:54 | 000,442,074 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120816-103117.backup
[2012/08/14 23:55:18 | 000,002,455 | ---- | M] () -- C:\Users\BooHoo\Desktop\Google Chrome.lnk
[2012/08/12 07:07:39 | 000,053,248 | ---- | M] () -- C:\Windows\System32\zlib.dll
[2012/08/12 07:07:03 | 000,131,072 | ---- | M] (FoolishIT.com) -- C:\Windows\goog.exe
[2012/08/12 07:05:30 | 000,031,616 | ---- | M] () -- C:\Windows\System32\FoolishEventLogMsgHelper.dll
[2012/08/08 05:03:51 | 000,001,917 | ---- | M] () -- C:\Users\BooHoo\Application Data\Microsoft\Internet Explorer\Quick Launch\Dendera Casino.lnk
[2012/08/06 04:36:21 | 000,000,646 | ---- | M] () -- C:\Users\BooHoo\Application Data\Microsoft\Internet Explorer\Quick Launch\Rummy Royal.lnk
[2012/08/04 16:51:48 | 000,002,114 | ---- | M] () -- C:\Users\Public\Desktop\KODAK AiO Home Center.lnk
[2012/08/02 10:30:32 | 000,442,666 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120809-103222.backup
[2012/08/02 00:08:26 | 000,001,821 | ---- | M] () -- C:\Users\BooHoo\Application Data\Microsoft\Internet Explorer\Quick Launch\Unibet.lnk
[2012/08/01 19:34:42 | 000,001,103 | ---- | M] () -- C:\Users\BooHoo\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2012/08/01 15:05:09 | 000,000,320 | ---- | M] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2012/07/26 17:01:08 | 000,404,301 | ---- | M] () -- C:\Users\BooHoo\Documents\fgsddf.xps
[2012/07/26 10:31:21 | 000,442,666 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120802-103032.backup
[2012/07/21 17:51:30 | 000,119,181 | ---- | M] () -- C:\Users\BooHoo\Desktop\K260_Audio_transcripts_CD3_CDA5990_lores.pdf
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/18 16:10:46 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/08/18 04:53:47 | 000,002,243 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/08/18 04:36:10 | 000,031,560 | ---- | C] () -- C:\Windows\System32\drivers\mbamchameleon.sys
[2012/08/17 06:26:26 | 000,000,828 | ---- | C] () -- C:\Users\Public\Desktop\Webroot SecureAnywhere.lnk
[2012/08/17 04:20:06 | 000,001,073 | ---- | C] () -- C:\Users\BooHoo\Application Data\Microsoft\Internet Explorer\Quick Launch\Emsisoft Anti-Malware.lnk
[2012/08/15 16:01:14 | 000,260,819 | ---- | C] () -- C:\Users\BooHoo\Desktop\M&S evoucher.pdf
[2012/08/13 23:53:58 | 000,032,768 | ---- | C] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys
[2012/08/12 07:29:39 | 000,014,160 | ---- | C] () -- C:\Windows\System32\drivers\asdws.sys
[2012/08/12 07:07:39 | 000,053,248 | ---- | C] () -- C:\Windows\System32\zlib.dll
[2012/08/12 07:05:30 | 000,031,616 | ---- | C] () -- C:\Windows\System32\FoolishEventLogMsgHelper.dll
[2012/08/08 05:03:51 | 000,001,917 | ---- | C] () -- C:\Users\BooHoo\Application Data\Microsoft\Internet Explorer\Quick Launch\Dendera Casino.lnk
[2012/08/06 04:36:21 | 000,000,646 | ---- | C] () -- C:\Users\BooHoo\Application Data\Microsoft\Internet Explorer\Quick Launch\Rummy Royal.lnk
[2012/08/04 16:51:48 | 000,002,114 | ---- | C] () -- C:\Users\Public\Desktop\KODAK AiO Home Center.lnk
[2012/08/02 00:06:51 | 000,001,821 | ---- | C] () -- C:\Users\BooHoo\Application Data\Microsoft\Internet Explorer\Quick Launch\Unibet.lnk
[2012/07/26 16:52:00 | 000,404,301 | ---- | C] () -- C:\Users\BooHoo\Documents\fgsddf.xps
[2012/07/21 17:51:30 | 000,119,181 | ---- | C] () -- C:\Users\BooHoo\Desktop\K260_Audio_transcripts_CD3_CDA5990_lores.pdf
[2012/07/01 23:01:44 | 000,002,993 | ---- | C] () -- C:\Windows\wininit.ini
[2012/06/13 04:21:48 | 000,158,720 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2012/06/13 00:46:58 | 000,004,159 | ---- | C] () -- C:\ProgramData\gbianycz.qhq
[2012/06/10 21:35:18 | 000,000,000 | ---- | C] () -- C:\Windows\System32\cd.dat
[2012/05/28 09:35:20 | 000,001,046 | ---- | C] () -- C:\Windows\System32\EKaio2WiaCoInst.ini
[2012/02/29 17:25:40 | 000,000,296 | ---- | C] () -- C:\Windows\{FC0C329F-2851-4859-A2EC-4DCF4874E5D6}_WiseFW.ini
[2012/02/22 01:47:19 | 000,004,096 | -H-- | C] () -- C:\Users\BooHoo\AppData\Local\keyfile3.drm
[2012/02/07 21:11:50 | 000,123,392 | ---- | C] () -- C:\Windows\System32\UnCasino5.exe
[2012/01/29 02:56:30 | 002,469,760 | ---- | C] () -- C:\Windows\System32\BootMan.exe
[2012/01/29 02:56:30 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe
[2012/01/29 02:56:30 | 000,019,840 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
[2012/01/29 02:56:30 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
[2012/01/29 02:56:30 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
[2012/01/29 02:25:47 | 000,922,184 | ---- | C] () -- C:\Windows\System32\pwNative.exe
[2012/01/29 02:25:46 | 000,016,472 | ---- | C] () -- C:\Windows\System32\pwdrvio.sys
[2012/01/29 02:25:40 | 000,011,104 | ---- | C] () -- C:\Windows\System32\pwdspio.sys
[2012/01/22 17:41:40 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxcrserv.dll
[2012/01/22 17:41:40 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\lxcrusb1.dll
[2012/01/22 17:41:40 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxcrpmui.dll
[2012/01/22 17:41:40 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxcrlmpm.dll
[2012/01/22 17:41:40 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxcrinpa.dll
[2012/01/22 17:41:40 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxcriesc.dll
[2012/01/22 17:41:40 | 000,385,968 | ---- | C] ( ) -- C:\Windows\System32\lxcrih.exe
[2012/01/22 17:41:40 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXCRhcp.dll
[2012/01/22 17:41:40 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXCRinst.dll
[2012/01/22 17:41:40 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxcrprox.dll
[2012/01/22 17:41:40 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxcrpplc.dll
[2012/01/22 17:41:39 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxcrcomc.dll
[2012/01/22 17:41:39 | 000,537,520 | ---- | C] ( ) -- C:\Windows\System32\lxcrcoms.exe
[2012/01/22 17:41:39 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxcrcomm.dll
[2012/01/19 18:28:14 | 000,000,063 | ---- | C] () -- C:\Windows\Debugger.INI
[2012/01/15 18:21:52 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2012/01/13 01:46:43 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/01/10 01:00:03 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2012/01/10 00:52:56 | 000,134,592 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2012/01/10 00:49:45 | 000,020,635 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2012/01/10 00:25:38 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012/01/10 00:25:34 | 000,015,378 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011/08/19 10:26:20 | 010,898,456 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2011/08/19 10:26:20 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2011/08/19 10:26:20 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2011/07/26 07:48:54 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2011/02/11 20:10:52 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2011/02/11 20:10:50 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2011/02/11 20:10:50 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2011/02/11 19:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2011/02/11 19:38:44 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010/11/20 22:29:34 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2010/11/20 22:29:26 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe

========== LOP Check ==========

[2012/08/18 20:43:05 | 000,000,000 | ---D | M] -- C:\Users\BooHoo\AppData\Roaming\Ad-Aware Antivirus
[2012/05/15 04:06:14 | 000,000,000 | ---D | M] -- C:\Users\BooHoo\AppData\Roaming\Amazon
[2012/08/12 07:44:48 | 000,000,000 | ---D | M] -- C:\Users\BooHoo\AppData\Roaming\Anvisoft
[2012/01/29 21:49:01 | 000,000,000 | ---D | M] -- C:\Users\BooHoo\AppData\Roaming\Audacity
[2012/06/25 23:15:36 | 000,000,000 | ---D | M] -- C:\Users\BooHoo\AppData\Roaming\Azureus
[2012/02/11 01:05:20 | 000,000,000 | ---D | M] -- C:\Users\BooHoo\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/03/05 04:57:25 | 000,000,000 | ---D | M] -- C:\Users\BooHoo\AppData\Roaming\DAZ 3D
[2012/08/18 03:53:31 | 000,000,000 | ---D | M] -- C:\Users\BooHoo\AppData\Roaming\EurekaLog
[2012/02/25 19:34:59 | 000,000,000 | ---D | M] -- C:\Users\BooHoo\AppData\Roaming\ID3-TagIT 3
[2012/08/12 07:24:42 | 000,000,000 | ---D | M] -- C:\Users\BooHoo\AppData\Roaming\IObit
[2012/04/04 15:36:19 | 000,000,000 | ---D | M] -- C:\Users\BooHoo\AppData\Roaming\Keynote Systems
[2012/08/11 00:45:09 | 000,000,000 | ---D | M] -- C:\Users\BooHoo\AppData\Roaming\Microgaming
[2012/03/04 06:44:01 | 000,000,000 | ---D | M] -- C:\Users\BooHoo\AppData\Roaming\Mikogo 4
[2012/04/27 23:25:47 | 000,000,000 | ---D | M] -- C:\Users\BooHoo\AppData\Roaming\Mobipocket
[2012/02/26 19:54:50 | 000,000,000 | ---D | M] -- C:\Users\BooHoo\AppData\Roaming\MusicBrainz
[2012/02/11 04:22:52 | 000,000,000 | ---D | M] -- C:\Users\BooHoo\AppData\Roaming\Nico Mak Computing
[2012/01/13 02:33:04 | 000,000,000 | ---D | M] -- C:\Users\BooHoo\AppData\Roaming\RoboForm
[2012/03/12 02:49:30 | 000,000,000 | ---D | M] -- C:\Users\BooHoo\AppData\Roaming\Screenshot Sender
[2012/08/13 23:53:46 | 000,000,000 | ---D | M] -- C:\Users\BooHoo\AppData\Roaming\Spyware Terminator
[2012/08/17 21:14:04 | 000,000,000 | ---D | M] -- C:\Users\BooHoo\AppData\Roaming\TeamViewer
[2012/08/16 06:29:21 | 000,000,000 | ---D | M] -- C:\Users\BooHoo\AppData\Roaming\Temp
[2012/08/13 23:45:09 | 000,000,000 | ---D | M] -- C:\Users\BooHoo\AppData\Roaming\WinPatrol
[2012/08/18 22:12:47 | 000,000,312 | ---- | M] () -- C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
[2012/08/18 22:12:46 | 000,000,444 | ---- | M] () -- C:\Windows\Tasks\IsposureAgent.job
[2012/08/16 15:53:29 | 000,000,312 | ---- | M] () -- C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
[2012/08/01 15:05:09 | 000,000,320 | ---- | M] () -- C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
[2009/07/14 05:53:46 | 000,030,362 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

Edited by missmoody, 20 August 2012 - 08:20 PM.

  • 0

Advertisements

#2
Gammo
Posted 22 August 2012 - 03:16 AM

Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
Hello and welcome to Geekstogo!

We apologize for the delay in responding to your request for help.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

If you haven't done so yet, please go to Malware and Spyware Cleaning Guide and follow the steps instructed there. If you have already done this, we still need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report
Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Check the box that says Scan All Users.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.
  • 0

#3
missmoody
Posted 22 August 2012 - 12:26 PM

missmoody

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Hello,

I still have the problem as described in my original post: I keep getting pop-unders from cpv.srv-ad.com and t.cpa37 and notice that pages are taking longer than usual to load. I've run several scans, including Webroot, MBAM, Hitman Pro, Ad-Aware, IObit, Spybot S&D, SUPERAntiSpyware, Anvi Smart Defender and Stopzilla. Stopzilla is the only one that found anything of note (the rest found nothing or cookies) and detected numerous threats (I have the log if you need it), but I only have the free version which doesn't repair.

Here are the logs you requested:

OTL.Txt

OTL logfile created on: 22/8/2012 7:10:38 PM - Run 1
OTL by OldTimer - Version 3.2.58.0 Folder = C:\Users\BooHoo\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: d/M/yyyy

3.22 Gb Total Physical Memory | 1.26 Gb Available Physical Memory | 39.22% Memory free
6.43 Gb Paging File | 2.80 Gb Available in Paging File | 43.54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 500.47 Gb Total Space | 321.56 Gb Free Space | 64.25% Space Free | Partition Type: NTFS
Drive E: | 232.88 Gb Total Space | 153.60 Gb Free Space | 65.96% Space Free | Partition Type: NTFS
Drive G: | 9.77 Gb Total Space | 9.68 Gb Free Space | 99.10% Space Free | Partition Type: NTFS
Drive I: | 244.14 Gb Total Space | 11.79 Gb Free Space | 4.83% Space Free | Partition Type: NTFS
Drive J: | 83.92 Gb Total Space | 6.28 Gb Free Space | 7.49% Space Free | Partition Type: NTFS
Drive L: | 85.18 Gb Total Space | 37.42 Gb Free Space | 43.93% Space Free | Partition Type: NTFS

Computer Name: BOOHOO-PC | User Name: BooHoo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/20 20:19:15 | 000,710,504 | ---- | M] (Webroot) -- C:\Program Files\Webroot\WRSA.exe
PRC - [2012/08/19 02:11:32 | 000,598,016 | ---- | M] (OldTimer Tools) -- C:\Users\BooHoo\Desktop\OTL.exe
PRC - [2012/07/31 01:56:32 | 000,483,024 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\st_rsser.exe
PRC - [2012/07/30 18:01:02 | 003,075,920 | ---- | M] (Emsisoft GmbH) -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe
PRC - [2012/07/20 09:11:38 | 000,686,408 | ---- | M] (Anvisoft) -- C:\Program Files\Anvisoft\Anvi Smart Defender\ASDSrv.exe
PRC - [2012/07/18 04:35:45 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/07/16 15:31:32 | 007,445,416 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version7\TeamViewer.exe
PRC - [2012/07/16 15:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012/07/16 15:22:42 | 000,106,408 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version7\tv_w32.exe
PRC - [2012/07/12 18:32:22 | 001,239,952 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
PRC - [2012/07/12 18:32:18 | 018,832,264 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Ad-Aware Antivirus\AdAware.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/06/23 22:55:28 | 001,535,176 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
PRC - [2012/06/19 13:44:22 | 002,784,256 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
PRC - [2012/06/19 13:44:22 | 000,777,728 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
PRC - [2012/06/18 21:13:46 | 000,394,712 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
PRC - [2012/03/30 20:08:14 | 000,187,008 | ---- | M] () -- C:\Program Files\GfK Internet-Monitor\GfK-Updater.exe
PRC - [2012/03/30 20:08:14 | 000,109,184 | ---- | M] () -- C:\Program Files\GfK Internet-Monitor\GfK-Reporting.exe
PRC - [2012/03/04 06:39:33 | 001,592,160 | ---- | M] () -- C:\Users\BooHoo\AppData\Roaming\Mikogo 4\M4-Capture.exe
PRC - [2012/02/29 17:30:43 | 000,815,104 | ---- | M] (Epitiro Ltd.) -- C:\Program Files\Broadband Test Application\BroadbandTestApp.exe
PRC - [2012/01/16 11:04:46 | 001,007,472 | ---- | M] () -- C:\Users\BooHoo\AppData\Roaming\Mikogo 4\M4-Service.exe
PRC - [2012/01/13 01:55:02 | 000,107,000 | ---- | M] (Siber Systems) -- C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2012/01/09 20:17:44 | 000,821,592 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
PRC - [2012/01/03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/12/19 13:20:06 | 003,289,032 | ---- | M] (GFI Software) -- C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
PRC - [2011/10/21 10:09:36 | 000,198,032 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2011/10/05 16:46:52 | 003,578,272 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2011/10/05 16:45:56 | 000,130,976 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDHookSvc.exe
PRC - [2011/10/05 16:45:42 | 000,169,624 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2011/10/05 16:45:40 | 000,955,816 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2011/10/05 16:45:38 | 000,892,336 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2011/08/19 10:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/08/12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/07/29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 22:29:19 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2006/12/11 13:12:06 | 000,537,520 | ---- | M] ( ) -- C:\Windows\System32\lxcrcoms.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/18 04:35:45 | 002,003,424 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/06/23 22:55:27 | 009,459,912 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_3_300_262.dll
MOD - [2011/10/05 14:53:06 | 000,576,000 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\JSDialogPack150.bpl
MOD - [2011/07/29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/04/20 13:39:12 | 000,565,827 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
MOD - [2011/03/24 15:31:58 | 000,233,472 | ---- | M] () -- C:\Program Files\Broadband Test Application\SpeedTestClient.dll
MOD - [2010/10/25 16:13:40 | 002,893,216 | ---- | M] () -- C:\Program Files\Adobe\Acrobat 10.0\PDFMaker\Common\AdobePDFMakerX.dll
MOD - [2010/07/22 15:43:06 | 000,077,824 | ---- | M] () -- C:\Program Files\Broadband Test Application\CrashRpt.dll
MOD - [2007/03/22 20:29:56 | 000,099,160 | ---- | M] () -- C:\Program Files\Microsoft Office\OFFICE11\AW.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDWSCService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDUpdateService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDScannerService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDHookService)
SRV - [2012/08/20 20:19:15 | 000,710,504 | ---- | M] (Webroot) [Auto | Running] -- C:\Program Files\Webroot\WRSA.exe -- (WRSVC)
SRV - [2012/08/15 05:05:29 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/31 01:56:32 | 000,483,024 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Program Files\Spyware Terminator\st_rsser.exe -- (ST2012_Svc)
SRV - [2012/07/30 18:01:02 | 003,075,920 | ---- | M] (Emsisoft GmbH) [Auto | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)
SRV - [2012/07/20 09:11:38 | 000,686,408 | ---- | M] (Anvisoft) [Auto | Running] -- C:\Program Files\Anvisoft\Anvi Smart Defender\ASDSrv.exe -- (asdsrv)
SRV - [2012/07/18 04:35:45 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/16 15:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012/07/12 18:32:22 | 001,239,952 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/07/03 13:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/06/19 13:44:22 | 000,777,728 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe -- (Kodak AiO Status Monitor Service)
SRV - [2012/06/18 21:13:46 | 000,394,712 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)
SRV - [2012/03/30 20:08:14 | 000,187,008 | ---- | M] () [Auto | Running] -- C:\Program Files\GfK Internet-Monitor\GfK-Updater.exe -- (GfK-Update-Service)
SRV - [2012/03/30 20:08:14 | 000,109,184 | ---- | M] () [Auto | Running] -- C:\Program Files\GfK Internet-Monitor\GfK-Reporting.exe -- (GfK-Reporting-Service)
SRV - [2012/02/29 17:30:43 | 000,815,104 | ---- | M] (Epitiro Ltd.) [Auto | Running] -- C:\Program Files\Broadband Test Application\BroadbandTestApp.exe -- (bbtest_svc)
SRV - [2012/01/16 11:04:46 | 001,007,472 | ---- | M] () [Auto | Running] -- C:\Users\BooHoo\AppData\Roaming\Mikogo 4\M4-Service.exe -- (M4-Service)
SRV - [2012/01/10 00:19:06 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012/01/09 20:17:44 | 000,821,592 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)
SRV - [2012/01/03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/12/19 13:20:06 | 003,289,032 | ---- | M] (GFI Software) [Auto | Running] -- C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe -- (SBAMSvc)
SRV - [2011/08/19 10:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/08/12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2006/12/11 13:12:06 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxcrcoms.exe -- (lxcr_device)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | System | Running] -- C:\Program Files\Spybot -- (SDHookDriver)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nlndis.sys -- (NLNdisPT)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nlndis.sys -- (NLNdisMP)
DRV - [2012/08/20 20:19:17 | 000,112,144 | ---- | M] (Webroot) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\WRkrn.sys -- (WRkrn)
DRV - [2012/08/18 04:36:10 | 000,031,560 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV - [2012/07/13 06:49:52 | 000,014,160 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\asdws.sys -- (asdws)
DRV - [2012/07/13 06:49:50 | 000,022,864 | ---- | M] (Anvisoft) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\asdrs.sys -- (asdrs)
DRV - [2012/07/13 06:49:50 | 000,016,208 | ---- | M] (Anvisoft) [File_System | System | Running] -- C:\Windows\System32\drivers\asdrm.sys -- (asdrm)
DRV - [2012/07/05 13:53:38 | 000,019,832 | ---- | M] (IObit.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\win7_x86\UrlFilter.sys -- (UrlFilter)
DRV - [2012/07/05 13:53:36 | 000,030,640 | ---- | M] (IObit.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\win7_x86\RegFilter.sys -- (RegFilter)
DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/04/30 18:45:28 | 000,054,072 | ---- | M] (Emsisoft GmbH) [File_System | On_Demand | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2accx86.sys -- (a2acc)
DRV - [2012/04/06 19:15:10 | 000,033,512 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2012/01/18 16:55:56 | 000,016,472 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\pwdrvio.sys -- (pwdrvio)
DRV - [2012/01/18 16:55:54 | 000,011,104 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\pwdspio.sys -- (pwdspio)
DRV - [2012/01/05 18:07:20 | 000,020,336 | ---- | M] (IObit) [File_System | On_Demand | Stopped] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\win7_x86\FileMonitor.sys -- (FileMonitor)
DRV - [2012/01/04 15:28:36 | 000,016,128 | ---- | M] (Windows ® Win 7 DDK provider) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\gtkdrv.sys -- (TrojanKillerDriver)
DRV - [2011/12/19 12:44:24 | 000,093,816 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sbhips.sys -- (sbhips)
DRV - [2011/11/29 06:59:52 | 000,077,816 | ---- | M] (GFI Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\sbapifs.sys -- (sbapifs)
DRV - [2011/10/26 14:23:40 | 000,101,112 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2011/08/19 10:26:50 | 004,334,624 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2011/08/19 10:26:46 | 000,315,808 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2011/07/29 14:54:56 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\epmntdrv.sys -- (epmntdrv)
DRV - [2011/07/29 14:54:56 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2011/07/22 17:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 22:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/06/21 11:24:06 | 000,032,768 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\sp_rsdrv2.sys -- (sp_rsdrv2)
DRV - [2011/05/19 14:10:34 | 000,017,904 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys -- (A2DDA)
DRV - [2010/11/20 22:29:34 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 22:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 22:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 22:29:03 | 000,112,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - [2010/11/20 22:29:03 | 000,077,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV - [2010/11/20 22:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010/11/20 22:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 22:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 22:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010/11/20 22:29:03 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\terminpt.sys -- (terminpt)
DRV - [2010/11/20 22:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 22:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/10/01 20:40:00 | 001,149,552 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2010/03/24 11:08:08 | 000,028,160 | ---- | M] (OPTO ELECTRONICS CO.,LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\optovcm.sys -- (optovcm)
DRV - [2010/03/24 11:08:08 | 000,022,016 | ---- | M] (OPTO ELECTRONICS CO.,LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\optousb.sys -- (optousb)
DRV - [2009/07/13 23:02:47 | 000,050,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2009/04/29 16:37:26 | 000,025,088 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTERx86)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4226728602-844740211-3379392126-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?r...opt=0&ocid=iehp
IE - HKU\S-1-5-21-4226728602-844740211-3379392126-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-4226728602-844740211-3379392126-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 44 4B A9 2E 30 7E CD 01 [binary data]
IE - HKU\S-1-5-21-4226728602-844740211-3379392126-1000\..\URLSearchHook: {93a3111f-4f74-4ed8-895e-d9708497629e} - No CLSID value found
IE - HKU\S-1-5-21-4226728602-844740211-3379392126-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-4226728602-844740211-3379392126-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-4226728602-844740211-3379392126-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-4226728602-844740211-3379392126-501\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?r...GB&dcc=GB&opt=0
IE - HKU\S-1-5-21-4226728602-844740211-3379392126-501\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-4226728602-844740211-3379392126-501\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D8 8C 6F 3B C5 E8 CC 01 [binary data]
IE - HKU\S-1-5-21-4226728602-844740211-3379392126-501\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-4226728602-844740211-3379392126-501\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-4226728602-844740211-3379392126-501\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "PeepsPay Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "PeepsPay Customized Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..network.proxy.type: 0

FF - user.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@VideoDownloadConverter_4z.com/Plugin: C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\NP4zStub.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\BooHoo\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\BooHoo\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2012/01/13 01:55:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/01/21 02:34:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2012/02/11 00:27:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/08/09 23:03:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\GfK Internet-Monitor [2012/08/22 18:22:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\4zffxtbr@VideoDownloadConverter_4z.com: C:\Program Files\VideoDownloadConverter_4z\bar\1.bin
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/08/18 16:10:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/08/08 19:28:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/08/18 16:10:37 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/08/08 19:28:31 | 000,000,000 | ---D | M]

[2012/01/13 01:41:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\BooHoo\AppData\Roaming\Mozilla\Extensions
[2012/08/18 16:10:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\BooHoo\AppData\Roaming\Mozilla\Firefox\Profiles\i1h185fb.default\extensions
[2012/01/13 03:26:49 | 000,000,000 | ---D | M] ("UserZoom survey tool") -- C:\Users\BooHoo\AppData\Roaming\Mozilla\Firefox\Profiles\i1h185fb.default\extensions\{0a9de085-6dc7-4bc8-b718-2b6b0921458d}
[2012/08/18 16:10:26 | 000,000,000 | ---D | M] (Ad-Aware Security Toolbar) -- C:\Users\BooHoo\AppData\Roaming\Mozilla\Firefox\Profiles\i1h185fb.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
[2012/07/16 23:08:09 | 000,000,000 | ---D | M] (Swag Bucks Community Toolbar) -- C:\Users\BooHoo\AppData\Roaming\Mozilla\Firefox\Profiles\i1h185fb.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}
[2012/03/30 19:50:00 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\BooHoo\AppData\Roaming\Mozilla\Firefox\Profiles\i1h185fb.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/07/08 23:44:08 | 000,000,000 | ---D | M] (Advanced Cookie Manager) -- C:\Users\BooHoo\AppData\Roaming\Mozilla\Firefox\Profiles\i1h185fb.default\extensions\[email protected]
[2012/08/18 05:27:11 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\BooHoo\AppData\Roaming\Mozilla\Firefox\Profiles\i1h185fb.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
[2012/08/15 01:01:21 | 000,000,000 | ---D | M] (UserZoom Survey Tool) -- C:\Users\BooHoo\AppData\Roaming\Mozilla\Firefox\Profiles\i1h185fb.default\extensions\userzoom_survey_tool@jetpack
[2009/01/06 16:45:35 | 000,001,728 | ---- | M] () -- C:\Users\BooHoo\AppData\Roaming\Mozilla\Firefox\Profiles\i1h185fb.default\searchplugins\aim-search.xml
[2011/09/08 23:46:21 | 000,002,575 | ---- | M] () -- C:\Users\BooHoo\AppData\Roaming\Mozilla\Firefox\Profiles\i1h185fb.default\searchplugins\askcom.xml
[2008/12/13 01:39:48 | 000,001,504 | ---- | M] () -- C:\Users\BooHoo\AppData\Roaming\Mozilla\Firefox\Profiles\i1h185fb.default\searchplugins\imdb.xml
[2012/08/19 16:10:44 | 000,001,540 | ---- | M] () -- C:\Users\BooHoo\AppData\Roaming\Mozilla\Firefox\Profiles\i1h185fb.default\searchplugins\swagbuckscom.xml
[2012/05/17 09:23:16 | 000,003,915 | ---- | M] () -- C:\Users\BooHoo\AppData\Roaming\Mozilla\Firefox\Profiles\i1h185fb.default\searchplugins\sweetim.xml
[2009/11/22 14:06:35 | 000,001,201 | ---- | M] () -- C:\Users\BooHoo\AppData\Roaming\Mozilla\Firefox\Profiles\i1h185fb.default\searchplugins\winamp-search.xml
[2010/06/16 21:39:38 | 000,004,153 | ---- | M] () -- C:\Users\BooHoo\AppData\Roaming\Mozilla\Firefox\Profiles\i1h185fb.default\searchplugins\youtube.xml
[2012/06/12 22:55:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/01/21 02:34:37 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 &lt;video&gt;) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012/08/22 18:22:42 | 000,000,000 | ---D | M] (GfK Internet-Monitor) -- C:\PROGRAM FILES\GFK INTERNET-MONITOR
[2012/08/11 04:24:34 | 000,340,132 | ---- | M] () (No name found) -- C:\USERS\BOOHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I1H185FB.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
[2012/07/24 01:21:16 | 000,702,524 | ---- | M] () (No name found) -- C:\USERS\BOOHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I1H185FB.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI
[2012/07/13 03:14:34 | 000,223,394 | ---- | M] () (No name found) -- C:\USERS\BOOHOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I1H185FB.DEFAULT\EXTENSIONS\[email protected]
[2012/07/18 04:35:45 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/06/20 17:54:54 | 000,091,584 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/11/10 06:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/06/20 17:54:56 | 000,091,584 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2011/12/09 18:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012/02/19 16:56:57 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/19 16:56:57 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\BooHoo\AppData\Local\Google\Chrome\Application\21.0.1180.60\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\BooHoo\AppData\Local\Google\Chrome\Application\21.0.1180.60\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\BooHoo\AppData\Local\Google\Chrome\Application\21.0.1180.60\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\BooHoo\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll
CHR - plugin: Gacela Plugin (Enabled) = C:\Users\BooHoo\AppData\Local\Google\Chrome\User Data\Default\Extensions\igkejcihojcegdmifcnlkhmnelneogef\12.1.1096_0\plugin/npgacela.dll
CHR - plugin: registryAccess (Enabled) = C:\Users\BooHoo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaaaooaijelonlmbcbjkocdnicdfmo\7.15.2.0_0\background/registryAccess.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U30 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Google Update (Enabled) = C:\Users\BooHoo\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - Extension: Spybot - Search & Destroy = C:\Users\BooHoo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahmcccagmbagkpbdgpammblejlmiempb\2.0.6.819_0\
CHR - Extension: YouTube = C:\Users\BooHoo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\BooHoo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: GfK Internet-Monitor = C:\Users\BooHoo\AppData\Local\Google\Chrome\User Data\Default\Extensions\igkejcihojcegdmifcnlkhmnelneogef\12.1.1096_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\BooHoo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Users\BooHoo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Spybot - Search & Destroy = C:\Users\BooHoo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahmcccagmbagkpbdgpammblejlmiempb\2.0.6.819_0\
CHR - Extension: YouTube = C:\Users\BooHoo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\BooHoo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: GfK Internet-Monitor = C:\Users\BooHoo\AppData\Local\Google\Chrome\User Data\Default\Extensions\igkejcihojcegdmifcnlkhmnelneogef\12.1.1096_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\BooHoo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Users\BooHoo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/08/17 06:26:34 | 000,000,036 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {312f84fb-8970-4fd3-bddb-7012eac4afc9} - No CLSID value found.
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (GfK Internet-Monitor) - {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} - C:\Program Files\GfK Internet-Monitor\Gacela2.dll (GfK)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()
O2 - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {c547c6c2-561b-4169-a2a5-20ba771ca93b} - No CLSID value found.
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - {48586425-6bb7-4f51-8dc6-38c88e3ebb58} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKLM\..\Toolbar: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()
O3 - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (no name) - {d84a64a0-f2b2-4975-b264-3a3bce8d57d6} - No CLSID value found.
O3 - HKU\S-1-5-21-4226728602-844740211-3379392126-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-4226728602-844740211-3379392126-1000\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKU\S-1-5-21-4226728602-844740211-3379392126-501\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-4226728602-844740211-3379392126-501\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [Conime] %windir%\system32\conime.exe File not found
O4 - HKLM..\Run: [EKStatusMonitor] C:\Program Files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [WRSVC] C:\Program Files\Webroot\WRSA.exe (Webroot)
O4 - HKU\S-1-5-21-4226728602-844740211-3379392126-501..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRunOnce = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRunOnce = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFile = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRunOnce = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRunOnce = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFile = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRunOnce = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRunOnce = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFile = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRun = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRunOnce = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRun = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRunOnce = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFile = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRun = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRunOnce = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRun = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRunOnce = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFile = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O7 - HKU\S-1-5-21-4226728602-844740211-3379392126-1000\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-4226728602-844740211-3379392126-1000\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-4226728602-844740211-3379392126-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKU\S-1-5-21-4226728602-844740211-3379392126-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-4226728602-844740211-3379392126-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRunOnce = 0
O7 - HKU\S-1-5-21-4226728602-844740211-3379392126-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRun = 0
O7 - HKU\S-1-5-21-4226728602-844740211-3379392126-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRunOnce = 0
O7 - HKU\S-1-5-21-4226728602-844740211-3379392126-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-21-4226728602-844740211-3379392126-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKU\S-1-5-21-4226728602-844740211-3379392126-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0
O7 - HKU\S-1-5-21-4226728602-844740211-3379392126-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\S-1-5-21-4226728602-844740211-3379392126-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFile = 0
O7 - HKU\S-1-5-21-4226728602-844740211-3379392126-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKU\S-1-5-21-4226728602-844740211-3379392126-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O7 - HKU\S-1-5-21-4226728602-844740211-3379392126-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O7 - HKU\S-1-5-21-4226728602-844740211-3379392126-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O7 - HKU\S-1-5-21-4226728602-844740211-3379392126-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\S-1-5-21-4226728602-844740211-3379392126-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKU\S-1-5-21-4226728602-844740211-3379392126-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O7 - HKU\S-1-5-21-4226728602-844740211-3379392126-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0
O7 - HKU\S-1-5-21-4226728602-844740211-3379392126-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKU\S-1-5-21-4226728602-844740211-3379392126-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKU\S-1-5-21-4226728602-844740211-3379392126-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKU\S-1-5-21-4226728602-844740211-3379392126-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0
O7 - HKU\S-1-5-21-4226728602-844740211-3379392126-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0
O7 - HKU\S-1-5-21-4226728602-844740211-3379392126-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0
O7 - HKU\S-1-5-21-4226728602-844740211-3379392126-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O7 - HKU\S-1-5-21-4226728602-844740211-3379392126-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-21-4226728602-844740211-3379392126-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0
O7 - HKU\S-1-5-21-4226728602-844740211-3379392126-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
O7 - HKU\S-1-5-21-4226728602-844740211-3379392126-501\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-4226728602-844740211-3379392126-501\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-4226728602-844740211-3379392126-501\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKU\S-1-5-21-4226728602-844740211-3379392126-501\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-4226728602-844740211-3379392126-501\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRunOnce = 0
O7 - HKU\S-1-5-21-4226728602-844740211-3379392126-501\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRun = 0
O7 - HKU\S-1-5-21-4226728602-844740211-3379392126-501\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRunOnce = 0
O7 - HKU\S-1-5-21-4226728602-844740211-3379392126-501\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-21-4226728602-844740211-3379392126-501\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKU\S-1-5-21-4226728602-844740211-3379392126-501\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0
O7 - HKU\S-1-5-21-4226728602-844740211-3379392126-501\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\S-1-5-21-4226728602-844740211-3379392126-501\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFile = 0
O7 - HKU\S-1-5-21-4226728602-844740211-3379392126-501\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKU\S-1-5-21-4226728602-844740211-3379392126-501\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O7 - HKU\S-1-5-21-4226728602-844740211-3379392126-501\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O7 - HKU\S-1-5-21-4226728602-844740211-3379392126-501\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O7 - HKU\S-1-5-21-4226728602-844740211-3379392126-501\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\S-1-5-21-4226728602-844740211-3379392126-501\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKU\S-1-5-21-4226728602-844740211-3379392126-501\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O7 - HKU\S-1-5-21-4226728602-844740211-3379392126-501\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0
O7 - HKU\S-1-5-21-4226728602-844740211-3379392126-501\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKU\S-1-5-21-4226728602-844740211-3379392126-501\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKU\S-1-5-21-4226728602-844740211-3379392126-501\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKU\S-1-5-21-4226728602-844740211-3379392126-501\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0
O7 - HKU\S-1-5-21-4226728602-844740211-3379392126-501\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0
O7 - HKU\S-1-5-21-4226728602-844740211-3379392126-501\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0
O7 - HKU\S-1-5-21-4226728602-844740211-3379392126-501\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O7 - HKU\S-1-5-21-4226728602-844740211-3379392126-501\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-21-4226728602-844740211-3379392126-501\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0
O7 - HKU\S-1-5-21-4226728602-844740211-3379392126-501\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
O7 - HKU\S-1-5-21-4226728602-844740211-3379392126-501\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Search the Web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O8 - Extra context menu item: Show RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra 'Tools' menuitem : About GfK Internet-Monitor - {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} - C:\Program Files\GfK Internet-Monitor\Gacela2.dll (GfK)
O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {EBB176D2-AF75-4706-832F-4C8448F72757} http://www.shopandsc.../TNSClickrc.CAB (TNSClickerc.Clicker)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0DDE4D30-C5C0-4575-A402-A54BB79768BA}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O29 - HKLM SecurityProviders - (msapsspc.dll) - File not found
O29 - HKLM SecurityProviders - (digest.dll) - File not found
O29 - HKLM SecurityProviders - (msnsspc.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{5b986135-3e06-11e1-a05f-8c89a5644f4f}\Shell - "" = AutoRun
O33 - MountPoints2\{5b986135-3e06-11e1-a05f-8c89a5644f4f}\Shell\AutoRun\command - "" = F:\wubi.exe --cdmenu
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\.DEFAULT\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-18\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-4226728602-844740211-3379392126-1000\...exe [@ = exefile] -- Reg Error: Key error. File not found
O37 - HKU\S-1-5-21-4226728602-844740211-3379392126-501\...exe [@ = exefile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/19 02:11:23 | 000,598,016 | ---- | C] (OldTimer Tools) -- C:\Users\BooHoo\Desktop\OTL.exe
[2012/08/18 21:10:42 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/08/18 16:12:23 | 000,000,000 | ---D | C] -- C:\Users\BooHoo\AppData\Local\adaware
[2012/08/18 16:12:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
[2012/08/18 16:12:09 | 000,093,816 | ---- | C] (GFI Software) -- C:\Windows\System32\drivers\sbhips.sys
[2012/08/18 16:11:49 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\VDD
[2012/08/18 16:10:36 | 000,000,000 | ---D | C] -- C:\Users\BooHoo\AppData\Local\adawarebp
[2012/08/18 16:10:30 | 000,000,000 | ---D | C] -- C:\Program Files\Toolbar Cleaner
[2012/08/18 16:10:15 | 000,000,000 | ---D | C] -- C:\Program Files\adawaretb
[2012/08/18 15:43:40 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2012/08/18 05:28:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2012/08/18 05:28:06 | 000,000,000 | ---D | C] -- C:\Program Files\Ad-Aware Antivirus
[2012/08/18 05:28:01 | 000,000,000 | ---D | C] -- C:\Users\BooHoo\AppData\Local\Downloaded Installations
[2012/08/18 05:27:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2012/08/18 05:25:55 | 000,000,000 | ---D | C] -- C:\Users\BooHoo\AppData\Roaming\Ad-Aware Antivirus
[2012/08/18 04:04:52 | 000,000,000 | ---D | C] -- C:\Users\BooHoo\AppData\Roaming\Malwarebytes
[2012/08/18 04:04:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/18 04:04:39 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/08/18 04:04:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/08/18 03:53:18 | 000,000,000 | ---D | C] -- C:\Users\BooHoo\AppData\Roaming\EurekaLog
[2012/08/17 22:25:37 | 000,000,000 | ---D | C] -- C:\Users\BooHoo\AppData\Local\{70BD7889-5302-4CB4-B4C8-5A8FE58BF19D}
[2012/08/17 22:25:19 | 000,000,000 | ---D | C] -- C:\Users\BooHoo\AppData\Local\{52C7AF0A-E04C-4DB8-AC70-D533F4ADBAF9}
[2012/08/17 22:25:07 | 000,000,000 | ---D | C] -- C:\Users\BooHoo\AppData\Local\{7853D833-C25F-4881-B898-E6420E1C3BDB}
[2012/08/17 22:24:56 | 000,000,000 | ---D | C] -- C:\Users\BooHoo\AppData\Local\{B2217798-CEB0-444A-A9AB-AAD79828EEF9}
[2012/08/17 04:20:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
[2012/08/17 04:19:46 | 000,000,000 | ---D | C] -- C:\Program Files\Emsisoft Anti-Malware
[2012/08/17 04:19:46 | 000,000,000 | ---D | C] -- C:\Users\BooHoo\Documents\Anti-Malware
[2012/08/17 04:13:25 | 000,000,000 | ---D | C] -- C:\Users\BooHoo\Desktop\Security
[2012/08/17 04:12:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft Trojan Killer
[2012/08/17 04:12:44 | 000,000,000 | ---D | C] -- C:\Program Files\GridinSoft Trojan Killer
[2012/08/17 03:35:47 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012/08/17 03:08:46 | 000,000,000 | ---D | C] -- C:\Program Files\VirusTotalUploader2
[2012/08/17 03:08:46 | 000,000,000 | ---D | C] -- C:\Users\BooHoo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirusTotal Uploader 2.0
[2012/08/13 23:53:46 | 000,000,000 | ---D | C] -- C:\Users\BooHoo\AppData\Roaming\Spyware Terminator
[2012/08/13 23:53:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Spyware Terminator
[2012/08/13 23:53:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Terminator 2012
[2012/08/13 23:52:28 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Terminator
[2012/08/13 23:45:09 | 000,000,000 | ---D | C] -- C:\Users\BooHoo\AppData\Roaming\WinPatrol
[2012/08/12 07:44:48 | 000,000,000 | ---D | C] -- C:\Users\BooHoo\AppData\Roaming\Anvisoft
[2012/08/12 07:29:39 | 000,022,864 | ---- | C] (Anvisoft) -- C:\Windows\System32\drivers\asdrs.sys
[2012/08/12 07:29:39 | 000,016,208 | ---- | C] (Anvisoft) -- C:\Windows\System32\drivers\asdrm.sys
[2012/08/12 07:29:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvisoft
[2012/08/12 07:29:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Anvisoft
[2012/08/12 07:29:38 | 000,000,000 | ---D | C] -- C:\Program Files\Anvisoft
[2012/08/12 07:27:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
[2012/08/12 07:24:42 | 000,000,000 | ---D | C] -- C:\Users\BooHoo\AppData\Roaming\IObit
[2012/08/12 07:23:08 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2012/08/12 07:08:21 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/08/12 07:07:03 | 000,131,072 | ---- | C] (FoolishIT.com) -- C:\Windows\goog.exe
[2012/08/12 06:58:56 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012/08/12 06:22:26 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/08/11 03:34:16 | 000,000,000 | ---D | C] -- C:\Users\BooHoo\temp
[2012/08/08 19:28:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
[2012/08/08 19:28:28 | 000,000,000 | ---D | C] -- C:\Program Files\Coupons
[2012/08/08 05:03:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dendera Casino
[2012/08/08 05:02:40 | 000,000,000 | ---D | C] -- C:\Program Files\DenderaCasino
[2012/08/06 20:54:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/08/06 04:36:19 | 000,000,000 | ---D | C] -- C:\Rummy Royal
[2012/08/06 04:36:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rummy Royal
[2012/08/04 17:09:40 | 000,000,000 | ---D | C] -- C:\Users\BooHoo\AppData\Roaming\KODAK AiO Home Center1497227906
[2012/08/04 16:52:20 | 000,000,000 | ---D | C] -- C:\Users\BooHoo\AppData\Local\Eastman_Kodak_Company
[2012/08/04 16:50:14 | 000,000,000 | ---D | C] -- C:\Users\BooHoo\AppData\Local\Eastman Kodak Company
[2012/08/04 16:49:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kodak
[2012/08/04 16:49:18 | 000,000,000 | ---D | C] -- C:\Windows\System32\kodak
[2012/08/04 16:47:09 | 000,000,000 | ---D | C] -- C:\Program Files\Kodak
[2012/08/04 16:35:28 | 000,000,000 | ---D | C] -- C:\Users\BooHoo\AppData\Roaming\Temp
[2012/08/04 16:35:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Kodak
[2012/08/04 04:15:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/08/04 04:13:16 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012/08/02 18:41:34 | 000,000,000 | ---D | C] -- C:\Users\BooHoo\AppData\Roaming\SUPERAntiSpyware.com
[2012/08/02 18:41:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/08/02 18:41:16 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/08/02 18:41:16 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/08/02 00:08:40 | 000,000,000 | ---D | C] -- C:\Users\BooHoo\AppData\Roaming\Microgaming
[2012/08/02 00:06:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unibet
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/22 19:04:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/22 18:50:01 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4226728602-844740211-3379392126-1000UA.job
[2012/08/22 18:13:02 | 000,026,112 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/22 18:13:02 | 000,026,112 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/22 17:50:01 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4226728602-844740211-3379392126-1000Core.job
[2012/08/22 00:52:41 | 000,002,455 | ---- | M] () -- C:\Users\BooHoo\Desktop\Google Chrome.lnk
[2012/08/21 13:18:25 | 000,000,312 | ---- | M] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2012/08/21 13:18:24 | 000,000,444 | ---- | M] () -- C:\Windows\tasks\IsposureAgent.job
[2012/08/21 04:09:14 | 000,626,844 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/08/21 04:09:14 | 000,107,160 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/08/20 20:19:17 | 000,112,144 | ---- | M] (Webroot) -- C:\Windows\System32\drivers\WRkrn.sys
[2012/08/20 20:19:17 | 000,000,828 | ---- | M] () -- C:\Users\Public\Desktop\Webroot SecureAnywhere.lnk
[2012/08/20 20:19:16 | 000,149,688 | ---- | M] (Webroot) -- C:\Windows\System32\WRusr.dll
[2012/08/20 03:04:21 | 000,001,794 | ---- | M] () -- C:\Users\Public\Desktop\Vuze.lnk
[2012/08/20 03:04:21 | 000,001,794 | ---- | M] () -- C:\Users\BooHoo\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2012/08/19 18:31:59 | 000,083,874 | ---- | M] () -- C:\Users\BooHoo\Desktop\18-08-12 - 2.jpg
[2012/08/19 18:30:36 | 000,050,574 | ---- | M] () -- C:\Users\BooHoo\Desktop\18-08-12 - 1.jpg
[2012/08/19 02:11:32 | 000,598,016 | ---- | M] (OldTimer Tools) -- C:\Users\BooHoo\Desktop\OTL.exe
[2012/08/18 22:12:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/18 22:11:23 | 2589,908,992 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/18 16:10:46 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/08/18 15:53:31 | 003,720,576 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/08/18 04:53:47 | 000,002,243 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/08/18 04:36:10 | 000,031,560 | ---- | M] () -- C:\Windows\System32\drivers\mbamchameleon.sys
[2012/08/17 06:26:34 | 000,000,036 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/08/17 04:20:06 | 000,001,073 | ---- | M] () -- C:\Users\BooHoo\Application Data\Microsoft\Internet Explorer\Quick Launch\Emsisoft Anti-Malware.lnk
[2012/08/16 15:53:29 | 000,000,312 | ---- | M] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2012/08/15 16:01:20 | 000,260,819 | ---- | M] () -- C:\Users\BooHoo\Desktop\M&S evoucher.pdf
[2012/08/15 03:40:54 | 000,442,074 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120816-103117.backup
[2012/08/12 07:07:39 | 000,053,248 | ---- | M] () -- C:\Windows\System32\zlib.dll
[2012/08/12 07:07:03 | 000,131,072 | ---- | M] (FoolishIT.com) -- C:\Windows\goog.exe
[2012/08/12 07:05:30 | 000,031,616 | ---- | M] () -- C:\Windows\System32\FoolishEventLogMsgHelper.dll
[2012/08/08 05:03:51 | 000,001,917 | ---- | M] () -- C:\Users\BooHoo\Application Data\Microsoft\Internet Explorer\Quick Launch\Dendera Casino.lnk
[2012/08/06 04:36:21 | 000,000,646 | ---- | M] () -- C:\Users\BooHoo\Application Data\Microsoft\Internet Explorer\Quick Launch\Rummy Royal.lnk
[2012/08/04 16:51:48 | 000,002,114 | ---- | M] () -- C:\Users\Public\Desktop\KODAK AiO Home Center.lnk
[2012/08/02 10:30:32 | 000,442,666 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120809-103222.backup
[2012/08/02 00:08:26 | 000,001,821 | ---- | M] () -- C:\Users\BooHoo\Application Data\Microsoft\Internet Explorer\Quick Launch\Unibet.lnk
[2012/08/01 19:34:42 | 000,001,103 | ---- | M] () -- C:\Users\BooHoo\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2012/08/01 15:05:09 | 000,000,320 | ---- | M] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2012/07/26 17:01:08 | 000,404,301 | ---- | M] () -- C:\Users\BooHoo\Documents\fgsddf.xps
[2012/07/26 10:31:21 | 000,442,666 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120802-103032.backup
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/20 03:04:21 | 000,001,794 | ---- | C] () -- C:\Users\Public\Desktop\Vuze.lnk
[2012/08/20 03:04:21 | 000,001,794 | ---- | C] () -- C:\Users\BooHoo\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2012/08/19 18:31:59 | 000,083,874 | ---- | C] () -- C:\Users\BooHoo\Desktop\18-08-12 - 2.jpg
[2012/08/19 18:30:36 | 000,050,574 | ---- | C] () -- C:\Users\BooHoo\Desktop\18-08-12 - 1.jpg
[2012/08/18 16:10:46 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/08/18 04:53:47 | 000,002,243 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/08/18 04:36:10 | 000,031,560 | ---- | C] () -- C:\Windows\System32\drivers\mbamchameleon.sys
[2012/08/17 06:26:26 | 000,000,828 | ---- | C] () -- C:\Users\Public\Desktop\Webroot SecureAnywhere.lnk
[2012/08/17 04:20:06 | 000,001,073 | ---- | C] () -- C:\Users\BooHoo\Application Data\Microsoft\Internet Explorer\Quick Launch\Emsisoft Anti-Malware.lnk
[2012/08/15 16:01:14 | 000,260,819 | ---- | C] () -- C:\Users\BooHoo\Desktop\M&S evoucher.pdf
[2012/08/13 23:53:58 | 000,032,768 | ---- | C] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys
[2012/08/12 07:29:39 | 000,014,160 | ---- | C] () -- C:\Windows\System32\drivers\asdws.sys
[2012/08/12 07:07:39 | 000,053,248 | ---- | C] () -- C:\Windows\System32\zlib.dll
[2012/08/12 07:05:30 | 000,031,616 | ---- | C] () -- C:\Windows\System32\FoolishEventLogMsgHelper.dll
[2012/08/08 05:03:51 | 000,001,917 | ---- | C] () -- C:\Users\BooHoo\Application Data\Microsoft\Internet Explorer\Quick Launch\Dendera Casino.lnk
[2012/08/06 04:36:21 | 000,000,646 | ---- | C] () -- C:\Users\BooHoo\Application Data\Microsoft\Internet Explorer\Quick Launch\Rummy Royal.lnk
[2012/08/04 16:51:48 | 000,002,114 | ---- | C] () -- C:\Users\Public\Desktop\KODAK AiO Home Center.lnk
[2012/08/02 00:06:51 | 000,001,821 | ---- | C] () -- C:\Users\BooHoo\Application Data\Microsoft\Internet Explorer\Quick Launch\Unibet.lnk
[2012/07/26 16:52:00 | 000,404,301 | ---- | C] () -- C:\Users\BooHoo\Documents\fgsddf.xps
[2012/07/01 23:01:44 | 000,002,993 | ---- | C] () -- C:\Windows\wininit.ini
[2012/06/13 04:21:48 | 000,158,720 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2012/06/13 00:46:58 | 000,004,159 | ---- | C] () -- C:\ProgramData\gbianycz.qhq
[2012/06/10 21:35:18 | 000,000,000 | ---- | C] () -- C:\Windows\System32\cd.dat
[2012/05/28 09:35:20 | 000,001,046 | ---- | C] () -- C:\Windows\System32\EKaio2WiaCoInst.ini
[2012/02/29 17:25:40 | 000,000,296 | ---- | C] () -- C:\Windows\{FC0C329F-2851-4859-A2EC-4DCF4874E5D6}_WiseFW.ini
[2012/02/22 01:47:19 | 000,004,096 | -H-- | C] () -- C:\Users\BooHoo\AppData\Local\keyfile3.drm
[2012/02/07 21:11:50 | 000,123,392 | ---- | C] () -- C:\Windows\System32\UnCasino5.exe
[2012/01/29 02:56:30 | 002,469,760 | ---- | C] () -- C:\Windows\System32\BootMan.exe
[2012/01/29 02:56:30 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe
[2012/01/29 02:56:30 | 000,019,840 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
[2012/01/29 02:56:30 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
[2012/01/29 02:56:30 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
[2012/01/29 02:25:47 | 000,922,184 | ---- | C] () -- C:\Windows\System32\pwNative.exe
[2012/01/29 02:25:46 | 000,016,472 | ---- | C] () -- C:\Windows\System32\pwdrvio.sys
[2012/01/29 02:25:40 | 000,011,104 | ---- | C] () -- C:\Windows\System32\pwdspio.sys
[2012/01/22 17:41:40 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxcrserv.dll
[2012/01/22 17:41:40 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\lxcrusb1.dll
[2012/01/22 17:41:40 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxcrpmui.dll
[2012/01/22 17:41:40 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxcrlmpm.dll
[2012/01/22 17:41:40 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxcrinpa.dll
[2012/01/22 17:41:40 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxcriesc.dll
[2012/01/22 17:41:40 | 000,385,968 | ---- | C] ( ) -- C:\Windows\System32\lxcrih.exe
[2012/01/22 17:41:40 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXCRhcp.dll
[2012/01/22 17:41:40 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXCRinst.dll
[2012/01/22 17:41:40 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxcrprox.dll
[2012/01/22 17:41:40 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxcrpplc.dll
[2012/01/22 17:41:39 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxcrcomc.dll
[2012/01/22 17:41:39 | 000,537,520 | ---- | C] ( ) -- C:\Windows\System32\lxcrcoms.exe
[2012/01/22 17:41:39 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxcrcomm.dll
[2012/01/19 18:28:14 | 000,000,063 | ---- | C] () -- C:\Windows\Debugger.INI
[2012/01/15 18:21:52 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2012/01/13 01:46:43 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/01/10 01:00:03 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2012/01/10 00:52:56 | 000,134,592 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2012/01/10 00:49:45 | 000,020,635 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2012/01/10 00:25:38 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012/01/10 00:25:34 | 000,015,378 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011/08/19 10:26:20 | 010,898,456 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2011/08/19 10:26:20 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2011/08/19 10:26:20 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2011/07/26 07:48:54 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2011/02/11 20:10:52 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2011/02/11 20:10:50 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2011/02/11 20:10:50 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2011/02/11 19:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2011/02/11 19:38:44 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010/11/20 22:29:34 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2010/11/20 22:29:26 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe

========== LOP Check ==========

[2012/08/18 20:43:05 | 000,000,000 | ---D | M] -- C:\Users\BooHoo\AppData\Roaming\Ad-Aware Antivirus
[2012/05/15 04:06:14 | 000,000,000 | ---D | M] -- C:\Users\BooHoo\AppData\Roaming\Amazon
[2012/08/12 07:44:48 | 000,000,000 | ---D | M] -- C:\Users\BooHoo\AppData\Roaming\Anvisoft
[2012/01/29 21:49:01 | 000,000,000 | ---D | M] -- C:\Users\BooHoo\AppData\Roaming\Audacity
[2012/08/21 14:54:30 | 000,000,000 | ---D | M] -- C:\Users\BooHoo\AppData\Roaming\Azureus
[2012/02/11 01:05:20 | 000,000,000 | ---D | M] -- C:\Users\BooHoo\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/03/05 04:57:25 | 000,000,000 | ---D | M] -- C:\Users\BooHoo\AppData\Roaming\DAZ 3D
[2012/08/18 03:53:31 | 000,000,000 | ---D | M] -- C:\Users\BooHoo\AppData\Roaming\EurekaLog
[2012/02/25 19:34:59 | 000,000,000 | ---D | M] -- C:\Users\BooHoo\AppData\Roaming\ID3-TagIT 3
[2012/08/12 07:24:42 | 000,000,000 | ---D | M] -- C:\Users\BooHoo\AppData\Roaming\IObit
[2012/04/04 15:36:19 | 000,000,000 | ---D | M] -- C:\Users\BooHoo\AppData\Roaming\Keynote Systems
[2012/08/11 00:45:09 | 000,000,000 | ---D | M] -- C:\Users\BooHoo\AppData\Roaming\Microgaming
[2012/03/04 06:44:01 | 000,000,000 | ---D | M] -- C:\Users\BooHoo\AppData\Roaming\Mikogo 4
[2012/04/27 23:25:47 | 000,000,000 | ---D | M] -- C:\Users\BooHoo\AppData\Roaming\Mobipocket
[2012/02/26 19:54:50 | 000,000,000 | ---D | M] -- C:\Users\BooHoo\AppData\Roaming\MusicBrainz
[2012/02/11 04:22:52 | 000,000,000 | ---D | M] -- C:\Users\BooHoo\AppData\Roaming\Nico Mak Computing
[2012/01/13 02:33:04 | 000,000,000 | ---D | M] -- C:\Users\BooHoo\AppData\Roaming\RoboForm
[2012/03/12 02:49:30 | 000,000,000 | ---D | M] -- C:\Users\BooHoo\AppData\Roaming\Screenshot Sender
[2012/08/13 23:53:46 | 000,000,000 | ---D | M] -- C:\Users\BooHoo\AppData\Roaming\Spyware Terminator
[2012/08/17 21:14:04 | 000,000,000 | ---D | M] -- C:\Users\BooHoo\AppData\Roaming\TeamViewer
[2012/08/19 18:28:43 | 000,000,000 | ---D | M] -- C:\Users\BooHoo\AppData\Roaming\Temp
[2012/08/13 23:45:09 | 000,000,000 | ---D | M] -- C:\Users\BooHoo\AppData\Roaming\WinPatrol
[2012/08/21 13:19:15 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Ad-Aware Antivirus
[2012/05/05 06:18:29 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\com.w3i.FlipToast
[2012/08/14 06:34:06 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\WinPatrol
[2012/08/21 13:18:25 | 000,000,312 | ---- | M] () -- C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
[2012/08/21 13:18:24 | 000,000,444 | ---- | M] () -- C:\Windows\Tasks\IsposureAgent.job
[2012/08/16 15:53:29 | 000,000,312 | ---- | M] () -- C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
[2012/08/01 15:05:09 | 000,000,320 | ---- | M] () -- C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
[2009/07/14 05:53:46 | 000,030,362 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >


Extras.Txt

OTL Extras logfile created on: 22/8/2012 7:10:39 PM - Run 1
OTL by OldTimer - Version 3.2.58.0 Folder = C:\Users\BooHoo\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: d/M/yyyy

3.22 Gb Total Physical Memory | 1.26 Gb Available Physical Memory | 39.22% Memory free
6.43 Gb Paging File | 2.80 Gb Available in Paging File | 43.54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 500.47 Gb Total Space | 321.56 Gb Free Space | 64.25% Space Free | Partition Type: NTFS
Drive E: | 232.88 Gb Total Space | 153.60 Gb Free Space | 65.96% Space Free | Partition Type: NTFS
Drive G: | 9.77 Gb Total Space | 9.68 Gb Free Space | 99.10% Space Free | Partition Type: NTFS
Drive I: | 244.14 Gb Total Space | 11.79 Gb Free Space | 4.83% Space Free | Partition Type: NTFS
Drive J: | 83.92 Gb Total Space | 6.28 Gb Free Space | 7.49% Space Free | Partition Type: NTFS
Drive L: | 85.18 Gb Total Space | 37.42 Gb Free Space | 43.93% Space Free | Partition Type: NTFS

Computer Name: BOOHOO-PC | User Name: BooHoo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-19\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-20\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-4226728602-844740211-3379392126-1000\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-4226728602-844740211-3379392126-501\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"FirewallOverride" = 0
"AntivirusOverride" = 0
"UacDisableNotify" = 0
"AntiSpywareDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiSpywareOverride" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E168948-6133-4615-9DAC-AE9AD95C9FC9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{13146DED-2F1B-4002-9352-B665BBC5B161}" = rport=445 | protocol=6 | dir=out | app=system |
"{1C90B541-0FFD-4078-8994-ADB2FA4C1D4E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{23274D1B-BD5C-479E-B730-3BD93A6A0BB3}" = lport=445 | protocol=6 | dir=in | app=system |
"{3226FDDE-C94C-4574-B7F5-EAFB3737A1D3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3290E362-540A-421A-935E-A68C6BDC0ADE}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{3411E9B1-7F4C-4211-8D0F-10D7AD612C74}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |
"{377D33E8-6792-40C1-9ED4-472ADEC82279}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{37B1D4E5-4A3C-471E-8443-FD1F14CD1C93}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{41D021B2-C1CF-44DA-B696-B9EE8679BBC6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{45391E93-3578-4C49-9B37-FDF36F4A34CA}" = lport=7935 | protocol=6 | dir=in | name=adobe flash builder 4.5 |
"{483F25D2-C7B4-4976-91D6-7439E6DC1859}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{4A98D2DE-2B6B-4850-8DCA-89BAC5314467}" = rport=137 | protocol=17 | dir=out | app=system |
"{5168110A-9532-4A5A-BAA9-0788615C6DEF}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{66AA829C-C40E-48CC-BBDC-7EABA1F6297E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{72E0159A-DB0C-47C0-A98D-819B1D1B3A9C}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |
"{74FCC765-3F57-4B06-923E-D8BA3B258183}" = rport=138 | protocol=17 | dir=out | app=system |
"{77B2D82F-B1E9-4264-BA29-3EEF08C403E7}" = lport=139 | protocol=6 | dir=in | app=system |
"{83870375-ABF4-4CE4-B751-68E665500D44}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8CB12804-BEE1-4C95-AD4A-6157FFB22FED}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{97DCE423-C73F-4F7D-B4EC-16EA73AA125A}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{97FCF572-06C4-4E06-AA50-DB95E99B1800}" = lport=138 | protocol=17 | dir=in | app=system |
"{9888DB58-53A6-4E59-A97C-73142CCFE962}" = rport=139 | protocol=6 | dir=out | app=system |
"{9B53CEE6-B5C4-49BE-8D16-C21277E75C85}" = lport=137 | protocol=17 | dir=in | app=system |
"{A2684DF5-30C1-4A65-B829-708655F99AD3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B25B77AC-2005-4578-B76D-58C9F4EA132A}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{B44BAFBA-FE88-4AEE-9918-F0F4207FD9D5}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 |
"{DC30BDFD-3F01-4B71-97C5-DAFF244001A0}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 |
"{FFB575B4-8AE6-42A6-8F35-EF15AE50C1FF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0AD2D356-C9FB-4C7A-BCD1-6101E9AAF787}" = protocol=17 | dir=in | app=c:\programdata\kodak\installer\setup.exe |
"{0EBD92BE-58F5-46CD-95C6-CD78B69B149C}" = protocol=6 | dir=in | app=c:\program files\kodak\aio\center\aiohomecenter.exe |
"{11962FC5-1E70-424C-B780-423334238688}" = protocol=17 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe |
"{171090D6-D1B9-4CBC-B710-9DB8B547C198}" = protocol=17 | dir=in | app=c:\program files\kodak\aio\center\kodak.statistics.exe |
"{1EBD3F05-B504-4C49-93C8-D33E0EAFB0B6}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{24415562-D1B8-4B57-B071-3A4E7B70DFCF}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe |
"{295C872D-4A38-4C81-B976-8D9EF0393950}" = protocol=6 | dir=in | app=c:\program files\adobe\adobe flash builder 4.5\flashbuilder.exe |
"{2CF8A401-72F2-4137-84A9-BAEBC01CCD41}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{30E53008-22C5-44BA-A7EE-F210B6DC4515}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{3C1AB729-3C47-40AF-9B3D-9DE7CACE68B6}" = protocol=6 | dir=in | app=c:\program files\spyware terminator\spywareterminator.exe |
"{412C75B3-218E-4946-88B0-8C785F9E9AE6}" = protocol=17 | dir=in | app=c:\program files\spyware terminator\spywareterminator.exe |
"{4693E727-B503-4944-8201-376A4E985716}" = protocol=6 | dir=in | app=c:\program files\kodak\aio\center\networkprinterdiscovery.exe |
"{46E8C431-F850-4D78-8C22-B73FAE8C3CE3}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"{4F83056E-E911-4B48-9874-4F6269362B41}" = protocol=6 | dir=in | app=c:\program files\broadband test application\broadbandtestapp.exe |
"{57438020-7FD0-43CF-A4A2-B5945294B3F2}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe |
"{64CA2EEC-98AE-4D7C-BDC3-00CA2B9849D1}" = protocol=17 | dir=in | app=c:\program files\kodak\aio\firmware\kodakaioupdater.exe |
"{6F7B358E-B42A-45EF-9A5E-A4BF01B9FB6F}" = protocol=6 | dir=in | app=c:\programdata\kodak\installer\setup.exe |
"{79DAF559-B4CD-4BAD-AA07-DC4361753667}" = protocol=6 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe |
"{7AEC7AFF-7B27-400D-9A9F-4778D3DAC363}" = protocol=6 | dir=in | app=c:\program files\kodak\aio\firmware\kodakaioupdater.exe |
"{80DF454F-7757-4628-85E8-695A0F3C134F}" = protocol=17 | dir=in | app=c:\program files\kodak\aio\center\networkprinterdiscovery.exe |
"{81B4759D-97AE-43B7-AA2B-6A7395674234}" = protocol=17 | dir=in | app=c:\program files\adawaretb\dtuser.exe |
"{875A4679-360B-4E9A-9D72-23DA3A9F5E9D}" = protocol=6 | dir=in | app=c:\program files\adawaretb\dtuser.exe |
"{89074893-7600-4644-B50B-2B24C7CB179D}" = protocol=58 | dir=out | [email protected],-28546 |
"{8B2D0955-5F28-49BF-9406-12E30BDF012D}" = protocol=58 | dir=in | [email protected],-28545 |
"{8E188EEE-C6B1-45FD-9F34-A663AF484DA4}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe |
"{9375B0AE-0100-4BF2-B345-FAC72E3A43BC}" = protocol=6 | dir=in | app=c:\program files\kodak\aio\center\kodak.statistics.exe |
"{98D59B2A-A14B-4863-9216-4009B4D325C1}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe |
"{A607C82D-3898-4E51-8DB7-0114D1D85D34}" = protocol=17 | dir=in | app=c:\windows\system32\lxcrcoms.exe |
"{A9C5A40A-10FD-4510-BBC3-1AA6EA57CC73}" = protocol=17 | dir=in | app=c:\program files\broadband test application\broadbandtestapp.exe |
"{AE2A7FE4-4740-405A-BFE2-860191C0126E}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{B0B70218-24B7-4B27-8461-2D8EF73489CA}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{B45F82F9-9C2B-4B4A-813B-9A9B7F8C497F}" = protocol=6 | dir=in | app=c:\windows\system32\lxcrcoms.exe |
"{B80A8DDE-9294-4D0A-B3C7-DEDCBFD3D5A1}" = protocol=1 | dir=in | [email protected],-28543 |
"{C9224368-9D00-4211-8863-9DF6A442FD06}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"{F52CD41E-B46F-470F-AF8B-ABCA2B8BF0CE}" = protocol=17 | dir=in | app=c:\program files\adobe\adobe flash builder 4.5\flashbuilder.exe |
"{F7A7B38C-5B27-4FAA-91FE-A1669B82F0F7}" = protocol=17 | dir=in | app=c:\program files\kodak\aio\center\aiohomecenter.exe |
"{FB2023EA-59B3-4B26-8F62-40AFE6EE5D9B}" = protocol=1 | dir=out | [email protected],-28544 |
"{FBBBF20E-E07F-4B7B-B127-EDC408F3EED5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"TCP Query User{58B0247D-091D-4313-AF74-DB67B4F1942E}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{7AD37105-1669-4570-B0AB-B26F1B471FC8}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{7C96AFAE-156A-44BE-A3AB-205F0691F26C}C:\program files\spybot - search & destroy 2\sdfiles.exe" = protocol=6 | dir=in | app=c:\program files\spybot - search & destroy 2\sdfiles.exe |
"TCP Query User{E39378AD-481D-46A9-BF5A-4594A014FEAB}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{F9E18D3C-E3CA-4295-8894-6F1DE42931A0}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{F9F325DC-A06D-4311-A9BF-B256BE8D73EB}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{315F6F54-051F-4F3A-BD5B-A84B2D1B6B1E}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{443ECDBF-6FDD-48DF-9505-DF2C5C5DFE79}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{51732D23-45D4-47C7-8BBE-FE0ECAA50918}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{5DF7CD04-F01E-4183-A3E3-47ABCADABC0A}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{C651B5B5-7EAB-446E-8696-56C5590844F1}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{D9B17FC7-9D9C-4258-AE27-94527DFEC407}C:\program files\spybot - search & destroy 2\sdfiles.exe" = protocol=17 | dir=in | app=c:\program files\spybot - search & destroy 2\sdfiles.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{25f1674a-fcbf-43cf-96db-9c2025d63009}" = Vegas Strip
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java™ 6 Update 30
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java™ 7 Update 5
"{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}" = Kodak AIO Printer
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2b12a4e9-c782-45ef-801e-abd0a08d3d8d}" = Ad-Aware Antivirus
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{342126E1-173C-4585-BFBE-3EBDD20E3E9E}" = Mobipocket Reader 6.2
"{34A153FE-6926-4C14-B48A-B71E68C672A8}_is1" = MiniTool Partition Wizard Home Edition 7.1
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{3B3D2CFD-3C21-4AA0-94DE-45577B5BAB16}" = Family Tree Maker 2011
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{479C85BE-93E3-49B7-A57D-C5D4EF374F4E}" = RummyRoyal.com
"{48B41C3A-9A92-4B81-B653-C97FEB85C910}" = C4USelfUpdater
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E33D05D-76CF-5D3C-4D5D-7727530FA161}" = Adobe Content Viewer
"{56736259-613E-4A3B-B428-6235F2E76F44}_is1" = Spyware Terminator 2012
"{56BA241F-580C-43D2-8403-947241AAE633}" = center
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6D0C6BE4-F674-43D2-96BC-3509345108C9}_is1" = PokerStove version 1.24
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8972029b-a74e-45ef-a09f-e74502b7993f}" = Slot of Vegas
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy 2
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1" = Emsisoft Anti-Malware
"{BDE646E8-86E0-50E1-37BC-0AEBB2185D76}" = Adobe Widget Browser
"{BE94C681-68E2-4561-8ABC-8D2E799168B4}" = essentials
"{BFBCF96F-7361-486A-965C-54B17AC35421}" = ocr
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D57FC112-312E-4D70-860F-2DB8FB6858F0}" = Adobe Creative Suite 5.5 Master Collection
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK AiO Software
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF53BFAB-4C10-40DB-A82D-9B07111715C6}" = aioscnnr
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{FC0C329F-2851-4859-A2EC-4DCF4874E5D6}" = Broadband Test Application
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"39992AD7-103F-4308-8BB7-3F65F543604D" = GfK Internet-Monitor
"5513-1208-7298-9440" = JDownloader 0.9
"8461-7759-5462-8226" = Vuze
"Ad-Aware Browsing Protection" = Ad-Aware Browsing Protection
"adawaretb" = Ad-Aware Security Toolbar
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"AI RoboForm" = RoboForm 7-6-9 (All Users)
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.9
"Anvi Smart Defender" = Anvi Smart Defender 1.5
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.dmp.contentviewer" = Adobe Content Viewer
"com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Widget Browser
"Cool Edit Pro 2.1" = Cool Edit Pro 2.1
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"DenderaCasino" = Dendera Casino
"DivX Setup" = DivX Setup
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 9.1.0 Home Edition
"ESET Online Scanner" = ESET Online Scanner v3
"Family Tree Maker 2011" = Family Tree Maker 2011
"GridinSoft Trojan Killer" = Trojan Killer
"HDMI" = Intel® Graphics Media Accelerator Driver
"ID3-TagIT 3_is1" = ID3-TagIT 3
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"InterCasinoV9EnglishGBP" = InterCasino
"IObit Malware Fighter_is1" = IObit Malware Fighter
"K221 Media Kit" = K221 Media Kit
"KeynoteConnector" = Keynote Connector
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Messenger Plus!" = Messenger Plus! 5
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"mIRC" = mIRC
"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PokerStars" = PokerStars
"TeamViewer 7" = TeamViewer 7
"TVWiz" = Intel® TV Wizard
"VirtualCloneDrive" = VirtualCloneDrive
"VirusTotalUploader2.0" = VirusTotal Uploader 2.0
"VLC media player" = VLC media player 2.0.1
"Winamp" = Winamp
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.11 (32-bit)
"WRUNINST" = Webroot SecureAnywhere
"Wubi" = Ubuntu
"xplorer2l" = xplorer² lite 32 bit
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4226728602-844740211-3379392126-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BingoCabin" = BingoCabin
"CROWN EUROPE" = CROWN EUROPE
"Google Chrome" = Google Chrome
"KingJackpot" = KingJackpot
"Mikogo 4" = Mikogo 4
"Winamp Detect" = Winamp Detector Plug-in

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4226728602-844740211-3379392126-501\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 19/8/2012 9:23:41 PM | Computer Name = BooHoo-PC | Source = Family Tree Maker | ID = 100
Description =

Error - 19/8/2012 9:23:53 PM | Computer Name = BooHoo-PC | Source = Family Tree Maker | ID = 100
Description =

Error - 19/8/2012 9:24:06 PM | Computer Name = BooHoo-PC | Source = Family Tree Maker | ID = 100
Description =

Error - 19/8/2012 9:24:20 PM | Computer Name = BooHoo-PC | Source = Family Tree Maker | ID = 100
Description =

Error - 19/8/2012 9:24:42 PM | Computer Name = BooHoo-PC | Source = Family Tree Maker | ID = 100
Description =

Error - 19/8/2012 9:25:08 PM | Computer Name = BooHoo-PC | Source = Family Tree Maker | ID = 100
Description =

Error - 19/8/2012 9:25:20 PM | Computer Name = BooHoo-PC | Source = Family Tree Maker | ID = 100
Description =

Error - 19/8/2012 9:25:32 PM | Computer Name = BooHoo-PC | Source = Family Tree Maker | ID = 100
Description =

Error - 19/8/2012 9:25:47 PM | Computer Name = BooHoo-PC | Source = Family Tree Maker | ID = 100
Description =

Error - 20/8/2012 9:05:43 PM | Computer Name = BooHoo-PC | Source = Application Error | ID = 1000
Description = Faulting application name: BroadbandTestApp.exe, version: 2.5.2.5,
time stamp: 0x4dd38c99 Faulting module name: CrashRpt.dll, version: 1.2.0.6, time
stamp: 0x4c3f0a97 Exception code: 0xc0000005 Fault offset: 0x000073cc Faulting process
id: 0x6840 Faulting application start time: 0x01cd7f3030f6ec2f Faulting application
path: C:\Program Files\Broadband Test Application\BroadbandTestApp.exe Faulting
module path: C:\Program Files\Broadband Test Application\CrashRpt.dll Report Id:
54549a25-eb2c-11e1-9e67-8c89a5644f4f

Error - 21/8/2012 1:29:37 PM | Computer Name = BooHoo-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Explorer.EXE, version: 6.1.7601.17567,
time stamp: 0x4d6727a7 Faulting module name: MSVCR80.dll, version: 8.0.50727.6195,
time stamp: 0x4dcddbf3 Exception code: 0xc0000005 Fault offset: 0x000153fe Faulting
process id: 0x54c Faulting application start time: 0x01cd7d86476fcad0 Faulting application
path: C:\Windows\Explorer.EXE Faulting module path: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll
Report
Id: c76ad26f-ebb5-11e1-9e67-8c89a5644f4f

[ System Events ]
Error - 18/8/2012 5:08:28 PM | Computer Name = BooHoo-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Provider
Host service which failed to start because of the following error: %%1068

Error - 18/8/2012 5:09:24 PM | Computer Name = BooHoo-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 18/8/2012 5:09:24 PM | Computer Name = BooHoo-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 18/8/2012 5:09:24 PM | Computer Name = BooHoo-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 20/8/2012 8:01:48 PM | Computer Name = BooHoo-PC | Source = Service Control Manager | ID = 7031
Description = The Broadband Test Application service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 10000
milliseconds: Run the configured recovery program.

Error - 20/8/2012 9:05:48 PM | Computer Name = BooHoo-PC | Source = Service Control Manager | ID = 7031
Description = The Broadband Test Application service terminated unexpectedly. It
has done this 2 time(s). The following corrective action will be taken in 10000
milliseconds: Run the configured recovery program.

Error - 20/8/2012 11:09:56 PM | Computer Name = BooHoo-PC | Source = Service Control Manager | ID = 7031
Description = The Broadband Test Application service terminated unexpectedly. It
has done this 3 time(s). The following corrective action will be taken in 600000
milliseconds: Run the configured recovery program.

Error - 21/8/2012 9:52:07 AM | Computer Name = BooHoo-PC | Source = Service Control Manager | ID = 7031
Description = The Broadband Test Application service terminated unexpectedly. It
has done this 4 time(s). The following corrective action will be taken in 600000
milliseconds: Run the configured recovery program.

Error - 21/8/2012 12:13:07 PM | Computer Name = BooHoo-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 21/8/2012 12:13:09 PM | Computer Name = BooHoo-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.


< End of report >
  • 0

#4
missmoody
Posted 22 August 2012 - 01:57 PM

missmoody

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
I'm now also getting frequent 'No site configured at this address' messages for various sites that I know are working fine as my friend is using them.
  • 0

#5
Gammo
Posted 23 August 2012 - 06:51 AM

Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
IE - HKCU\..\URLSearchHook: {93a3111f-4f74-4ed8-895e-d9708497629e} - No CLSID value found
FF - prefs.js..browser.search.defaultthis.engineName: "PeepsPay Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3173010&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "PeepsPay Customized Web Search"
FF - HKLM\Software\MozillaPlugins\@VideoDownloadConverter_4z.com/Plugin: C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\NP4zStub.dll File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\4zffxtbr@VideoDownloadConverter_4z.com: C:\Program Files\VideoDownloadConverter_4z\bar\1.bin
[2012/07/16 23:08:09 | 000,000,000 | ---D | M] (Swag Bucks Community Toolbar) -- C:\Users\BooHoo\AppData\Roaming\Mozilla\Firefox\Profiles\i1h185fb.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}
[2011/09/08 23:46:21 | 000,002,575 | ---- | M] () -- C:\Users\BooHoo\AppData\Roaming\Mozilla\Firefox\Profiles\i1h185fb.default\searchplugins\askcom.xml
[2012/05/17 09:23:16 | 000,003,915 | ---- | M] () -- C:\Users\BooHoo\AppData\Roaming\Mozilla\Firefox\Profiles\i1h185fb.default\searchplugins\sweetim.xml
O2 - BHO: (no name) - {312f84fb-8970-4fd3-bddb-7012eac4afc9} - No CLSID value found.
O2 - BHO: (no name) - {c547c6c2-561b-4169-a2a5-20ba771ca93b} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {48586425-6bb7-4f51-8dc6-38c88e3ebb58} - No CLSID value found.
O8 - Extra context menu item: Search the Web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
:Services

:Reg

:Files
ipconfig /flushdns /c
C:\Program Files\VideoDownloadConverter_4z
C:\Program Files\SweetIM

:Commands
[purity]
[resethosts]
[emptytemp]
[emptyflash]
[createrestorepoint]
[reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done



Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.



Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
  • 0

#6
missmoody
Posted 23 August 2012 - 10:15 AM

missmoody

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
ComboFix 12-08-22.03 - BooHoo 23/08/2012 16:42:14.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3293.2220 [GMT 1:00]
Running from: c:\users\BooHoo\Desktop\ComboFix.exe
AV: Webroot SecureAnywhere *Disabled/Updated* {9C0666FC-6C7D-3E97-3C40-0C6B33FC7401}
SP: Webroot SecureAnywhere *Disabled/Updated* {27678718-4A47-3119-06F0-3719487B3EBC}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-07-23 to 2012-08-23 )))))))))))))))))))))))))))))))
.
.
2012-08-23 15:50 . 2012-08-23 15:50 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-08-23 15:50 . 2012-08-23 15:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-23 14:55 . 2012-08-23 15:50 -------- d-----w- c:\users\BooHoo\AppData\Local\temp
2012-08-23 14:33 . 2012-08-23 14:33 -------- d-----w- c:\programdata\GFI Software
2012-08-23 14:14 . 2012-08-23 14:14 -------- d-----w- C:\_OTL
2012-08-21 12:19 . 2012-08-21 12:19 -------- d-----w- c:\users\Guest\AppData\Roaming\Ad-Aware Antivirus
2012-08-21 12:19 . 2012-08-21 12:19 -------- d-----w- c:\users\Guest\AppData\Local\adaware
2012-08-18 15:10 . 2012-08-18 15:10 -------- d-----w- c:\users\BooHoo\AppData\Local\adawarebp
2012-08-18 14:43 . 2012-08-18 14:43 -------- d-----w- c:\program files\MSXML 4.0
2012-08-18 04:28 . 2012-08-18 04:28 -------- d-----w- c:\programdata\Lavasoft
2012-08-18 04:28 . 2012-08-23 14:33 -------- d-----w- c:\program files\Ad-Aware Antivirus
2012-08-18 04:28 . 2012-08-18 04:28 -------- d-----w- c:\users\BooHoo\AppData\Local\Downloaded Installations
2012-08-18 04:25 . 2012-08-18 19:43 -------- d-----w- c:\users\BooHoo\AppData\Roaming\Ad-Aware Antivirus
2012-08-18 03:36 . 2012-08-18 03:36 31560 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2012-08-18 03:04 . 2012-08-18 03:04 -------- d-----w- c:\users\BooHoo\AppData\Roaming\Malwarebytes
2012-08-18 03:04 . 2012-08-18 03:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-18 03:04 . 2012-07-03 12:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-18 02:53 . 2012-08-18 02:53 -------- d-----w- c:\users\BooHoo\AppData\Roaming\EurekaLog
2012-08-18 02:21 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2F0D8A38-92FD-49E1-8E67-97F24A897B29}\mpengine.dll
2012-08-17 03:19 . 2012-08-23 14:35 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2012-08-17 03:12 . 2012-08-23 14:39 -------- d-----w- c:\program files\GridinSoft Trojan Killer
2012-08-17 02:35 . 2012-08-17 02:35 -------- d-----w- c:\programdata\HitmanPro
2012-08-15 11:56 . 2012-07-04 21:14 41984 ----a-w- c:\windows\system32\browcli.dll
2012-08-15 11:56 . 2012-07-04 21:14 102912 ----a-w- c:\windows\system32\browser.dll
2012-08-15 11:56 . 2012-07-18 17:47 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-08-15 11:56 . 2012-05-14 04:33 769024 ----a-w- c:\windows\system32\localspl.dll
2012-08-14 14:12 . 2012-08-14 14:12 -------- d-----w- c:\users\Guest\AppData\Local\Eastman_Kodak_Company
2012-08-14 05:34 . 2012-08-14 05:34 -------- d-----w- c:\users\Guest\AppData\Roaming\WinPatrol
2012-08-13 22:53 . 2011-06-21 10:24 32768 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2012-08-13 22:45 . 2012-08-13 22:45 -------- d-----w- c:\users\BooHoo\AppData\Roaming\WinPatrol
2012-08-12 06:44 . 2012-08-23 14:40 -------- d-----w- c:\users\BooHoo\AppData\Roaming\Anvisoft
2012-08-12 06:29 . 2012-08-12 06:29 -------- d-----w- c:\programdata\Anvisoft
2012-08-12 06:29 . 2012-08-23 14:40 -------- d-----w- c:\program files\Anvisoft
2012-08-12 06:24 . 2012-08-12 06:24 -------- d-----w- c:\users\BooHoo\AppData\Roaming\IObit
2012-08-12 06:23 . 2012-08-12 06:23 -------- d-----w- c:\program files\IObit
2012-08-12 06:07 . 2012-08-12 06:07 53248 ----a-w- c:\windows\system32\zlib.dll
2012-08-12 06:07 . 2012-08-12 06:07 131072 ----a-w- c:\windows\goog.exe
2012-08-12 06:05 . 2012-08-12 06:05 31616 ----a-w- c:\windows\system32\FoolishEventLogMsgHelper.dll
2012-08-11 04:08 . 2012-08-11 04:08 -------- d-----w- c:\users\Guest\temp
2012-08-11 02:34 . 2012-08-11 02:34 -------- d-----w- c:\users\BooHoo\temp
2012-08-08 18:28 . 2012-08-08 18:28 -------- d-----w- c:\program files\Coupons
2012-08-08 04:02 . 2012-08-08 04:05 -------- d-----w- c:\program files\DenderaCasino
2012-08-06 19:54 . 2012-08-06 19:54 -------- d-----w- c:\programdata\Malwarebytes
2012-08-06 03:36 . 2012-08-15 02:49 -------- d-----w- C:\Rummy Royal
2012-08-04 16:09 . 2012-08-04 16:09 -------- d-----w- c:\users\BooHoo\AppData\Roaming\KODAK AiO Home Center1497227906
2012-08-04 15:52 . 2012-08-04 16:09 -------- d-----w- c:\users\BooHoo\AppData\Local\Eastman_Kodak_Company
2012-08-04 15:50 . 2012-08-04 15:50 -------- d-----w- c:\users\BooHoo\AppData\Local\Eastman Kodak Company
2012-08-04 15:49 . 2012-08-04 15:54 -------- d-----w- c:\windows\system32\kodak
2012-08-04 15:47 . 2012-08-04 15:48 -------- d-----w- c:\program files\Kodak
2012-08-04 15:35 . 2012-08-23 15:39 -------- d-----w- c:\programdata\Kodak
2012-08-04 03:15 . 2012-08-04 03:15 -------- d-----w- c:\program files\Common Files\Java
2012-08-04 03:13 . 2012-08-04 03:13 -------- d-----w- c:\program files\Oracle
2012-08-04 03:12 . 2012-07-05 21:06 772544 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-08-01 23:08 . 2012-08-10 23:45 -------- d-----w- c:\users\BooHoo\AppData\Roaming\Microgaming
2012-07-31 16:49 . 2010-02-11 07:10 293376 ----a-w- c:\windows\system32\browserchoice.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-20 19:19 . 2012-01-17 14:54 112144 ----a-w- c:\windows\system32\drivers\WRkrn.sys
2012-08-20 19:19 . 2012-01-17 14:54 149688 ----a-w- c:\windows\system32\WRusr.dll
2012-08-15 04:05 . 2012-04-14 19:08 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-15 04:05 . 2012-01-13 00:25 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-05 21:06 . 2012-01-20 23:49 687544 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-24 15:50 . 2012-06-24 15:50 86528 ----a-w- c:\windows\system32\iesysprep.dll
2012-06-24 15:50 . 2012-06-24 15:50 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-06-24 15:50 . 2012-06-24 15:50 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-06-24 15:50 . 2012-06-24 15:50 74752 ----a-w- c:\windows\system32\iesetup.dll
2012-06-24 15:50 . 2012-06-24 15:50 63488 ----a-w- c:\windows\system32\tdc.ocx
2012-06-24 15:50 . 2012-06-24 15:50 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-06-24 15:50 . 2012-06-24 15:50 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-06-24 15:50 . 2012-06-24 15:50 367104 ----a-w- c:\windows\system32\html.iec
2012-06-24 15:50 . 2012-06-24 15:50 35840 ----a-w- c:\windows\system32\imgutil.dll
2012-06-24 15:50 . 2012-06-24 15:50 23552 ----a-w- c:\windows\system32\licmgr10.dll
2012-06-24 15:50 . 2012-06-24 15:50 161792 ----a-w- c:\windows\system32\msls31.dll
2012-06-24 15:50 . 2012-06-24 15:50 152064 ----a-w- c:\windows\system32\wextract.exe
2012-06-24 15:50 . 2012-06-24 15:50 150528 ----a-w- c:\windows\system32\iexpress.exe
2012-06-24 15:50 . 2012-06-24 15:50 11776 ----a-w- c:\windows\system32\mshta.exe
2012-06-24 15:50 . 2012-06-24 15:50 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-06-24 15:50 . 2012-06-24 15:50 101888 ----a-w- c:\windows\system32\admparse.dll
2012-06-18 08:48 . 2012-06-18 08:48 123904 ----a-w- c:\windows\system32\EKaio2WiaCoInst.dll
2012-06-18 08:48 . 2012-06-18 08:48 10240 ----a-w- c:\windows\system32\EKaio2WiaCoInstRes.dll
2012-06-12 08:40 . 2012-06-12 08:40 1371648 ----a-w- c:\windows\system32\EKAiO2MON.dll
2012-06-12 08:40 . 2012-06-12 08:40 160256 ----a-w- c:\windows\system32\EKAiO2COI09.dll
2012-06-06 05:05 . 2012-07-11 20:33 1390080 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 05:05 . 2012-07-11 20:33 1236992 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 05:03 . 2012-07-11 20:33 805376 ----a-w- c:\windows\system32\cdosys.dll
2012-06-02 22:19 . 2012-06-19 09:48 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-19 09:48 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-19 09:47 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-19 09:47 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-19 09:48 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-19 09:48 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-19 09:47 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 14:19 . 2012-06-19 09:47 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 14:12 . 2012-06-19 09:47 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 04:45 . 2012-07-11 20:33 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 04:45 . 2012-07-11 20:33 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 04:40 . 2012-07-11 20:33 369336 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 04:40 . 2012-07-11 20:33 225280 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 04:39 . 2012-07-11 20:33 219136 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-18 03:35 . 2012-01-13 00:41 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WRSVC"="c:\program files\Webroot\WRSA.exe" [2012-08-20 710504]
"EKStatusMonitor"="c:\program files\KODAK\AIO\STATUSMONITOR\EKStatusMonitor.EXE" [2012-06-19 2784256]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"DisableLocalMachineRun"= 0 (0x0)
"DisableLocalMachineRunOnce"= 0 (0x0)
"DisableCurrentUserRun"= 0 (0x0)
"DisableCurrentUserRunOnce"= 0 (0x0)
"NoFile"= 0 (0x0)
"HideClock"= 0 (0x0)
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R2 M4-Service;M4-Service;c:\users\BooHoo\AppData\Roaming\Mikogo 4\M4-Service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R2 WRSVC;WRSVC;c:\program files\Webroot\WRSA.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [x]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [x]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 NLNdisMP;NLNdisMP;c:\windows\system32\DRIVERS\nlndis.sys [x]
R3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\DRIVERS\nlndis.sys [x]
R3 optousb;OPTO ELECTRONICS optousb;c:\windows\system32\DRIVERS\optousb.sys [x]
R3 optovcm;OPTO ELECTRONICS optovcm;c:\windows\system32\DRIVERS\optovcm.sys [x]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [x]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S0 WRkrn;WRkrn;c:\windows\System32\drivers\WRkrn.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 bbtest_svc;Broadband Test Application;c:\program files\Broadband Test Application\BroadbandTestApp.exe [x]
S2 GfK-Reporting-Service;GfK-Reporting-Service;c:\program files\GfK Internet-Monitor\GfK-Reporting.exe [x]
S2 GfK-Update-Service;GfK-Update-Service;c:\program files\GfK Internet-Monitor\GfK-Updater.exe [x]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\EKAiOHostService.exe [x]
S2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;c:\program files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [x]
S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
S3 KMWDFILTERx86;HIDServiceDesc;c:\windows\system32\DRIVERS\KMWDFILTER.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 04:05]
.
2012-08-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4226728602-844740211-3379392126-1000Core.job
- c:\users\BooHoo\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-03 21:33]
.
2012-08-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4226728602-844740211-3379392126-1000UA.job
- c:\users\BooHoo\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-03 21:33]
.
2012-08-23 c:\windows\Tasks\IsposureAgent.job
- c:\program files\Broadband Test Application\BroadbandTestApp.exe [2011-03-24 16:30]
.
.
------- Supplementary Scan -------
.
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Show RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{0DDE4D30-C5C0-4575-A402-A54BB79768BA}: DhcpNameServer = 192.168.0.1
DPF: {EBB176D2-AF75-4706-832F-4C8448F72757} - hxxp://www.shopandscan.com/TNSClickrc.CAB
FF - ProfilePath - c:\users\BooHoo\AppData\Roaming\Mozilla\Firefox\Profiles\i1h185fb.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.proxy.type - 0
.
.
------- File Associations -------
.
JSEFile="%SystemRoot%\System32\WScript.exe" "%1" %*
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-08-23 16:51:35
ComboFix-quarantined-files.txt 2012-08-23 15:51
.
Pre-Run: 346,681,217,024 bytes free
Post-Run: 346,491,887,616 bytes free
.
- - End Of File - - 79BE6175369C51E95356E6E02F1A369E




Pages still seem to be loading a little more slowly than usual, but that could obviously just be my connection/time of day. I have just visited 60 different sites and have had no pop-unders.
  • 0

#7
Gammo
Posted 23 August 2012 - 11:36 AM

Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.






I noticed you have lots of anti-virus/anti-spyware/anti-malware tools installed, e.g.:

Ad-Aware Antivirus
Spyware Terminator
Spybot - Search & Destroy
Emsisoft Anti-Malware
SUPERAntiSpyware
Anvi Smart Defender
Trojan Killer
IObit Malware Fighter
Malwarebytes Anti-Malware
Webroot SecureAnywhere
Hitman Pro
Stopzilla

Please uninstall all of these programs, except for 1 anti-virus (Webroot SecureAnywhere).



How is your PC running after doing the above?
  • 0

#8
missmoody
Posted 23 August 2012 - 12:12 PM

missmoody

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
MBAM log:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.23.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
BooHoo :: BOOHOO-PC [administrator]

23/8/2012 6:53:05 PM
mbam-log-2012-08-23 (18-53-05).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 211285
Time elapsed: 4 minute(s), 50 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Re the installed Anti-virus tools, etc., I had already started to remove them and have finished the rest.

I think the slow-loading of pages today is due to my connection as it has dropped a few times in the last hour or so and my phone is also playing up.

I've just visited lots of sites and, again, did not get any pop-unders.

Edited by missmoody, 23 August 2012 - 12:16 PM.

  • 0

#9
Gammo
Posted 23 August 2012 - 03:02 PM

Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
Your logs appear to be clean now. There is only a bit of cleanup that we will deal with in this post, as well as prevention from future infections. ^_^

Remove Combofix now that we're done with it.
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
    Posted Image
  • Please follow the prompts to uninstall Combofix.
  • You will then recieve a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  • Download OTC to your desktop and run it
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTC to reach the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Keep a backup of your important files
Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Make proper use of your anti-virus and firewall
You should keep your anti-virus and firewall guard enabled at all times, don't shut them off unless there's a specific reason to do so.

Also, regularly performing a full system scan with your anti-virus program is a good idea to make sure nothing has slipped through your protection. Once every two weeks works well for many people. You can set the scan to run during a time when you don't plan to use the computer and just leave it to complete on its own.

Keep in mind that anti-virus programs are far from perfect. They don't protect you against every piece of malware that's out there, so don't trust them blindly. If an anti-virus reports a file as 'clean' then it's doesn't necessarily has to mean it is.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Keep all your software updated
It is important to keep up on system updates from Microsoft by regularly checking their website at: http://windowsupdate.microsoft.com/, as these patch critical security vulnerabilities and help to keep you safe.

It's also important to keep programs up to date so that malware doesn't exploit any old security flaws. FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. Java and Adobe Reader are two of the main security vulnerabilities. You can find the latest version of Java here, you will want the Java SE Runtime Environment (JRE) one. You can find the latest version of Adobe Reader here.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Use a safer web browser
Internet Explorer is not the most secure tool for browsing the web. It has been known to be very susceptible to infection, and there are a couple good free alternatives: Google Chrome and Opera. Both are excellent faster, safer, more powerful and functional free alternatives to Internet Explorer. It's definitely worth the short period of adjustment to start using one of these.

The WOT add-on will nicely help to enhance your security, no matter which web browser you use. This add-on tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Some other security programs

It is wise these days to have a few security programs installed and running on your machine except from just an anti-virus and a firewall. I will list some of them.
  • A good anti-spyware program installed on your pc is very important to help remove any spyware that may have gotten on your computer. I highly recommend Malwarebytes' Anti-Malware.
  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites in the future.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Be careful
Having security programs installed is very helpful to you, but none of them have the gift of human thought. The best way to make sure you don't get infected is to exercise common sense. Be careful of what websites you visit - if a site looks suspicious, trust your instincts and get out of there. Be careful of what attachments you open in emails and files you download from websites - check them over carefully to make sure that you know what you're getting.

Using peer-to-peer programs (eg: LimeWire, BitTorrent, uTorrent, Kazaa) or downloading cracks and keygens is something else to avoid. These are the most common way to get infected. Malware writers use these programs to spread infections as it is the easiest way for them. The majority of infections we see in the Malware Removal forum are due to people using p2p programs to download cracks/keygens/warez. These are not only illegal, but will always contain some form of malware. You have no way of verifying that the things you download are legitimate or that they don't contain malware. Even with an up to date anti-virus and firewall, some of these things will still infect you. It is highly recommend that you uninstall all peer-to-peer programs. It just isn't worth it.

Other common ways of getting infected are dis-reputable sites forcing you to download and install a codec. Or viruses using Instant Messaging programs (Windows Live Messenger, MSN Messenger, AIM) to send a file claiming it to be "photos" from a friend, only for it to turn out to be a virus.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Slow computer?
If your computer begins to slow down in the future for no particular reason, your first step should not be to come to the malware forum. As your computer ages and is used, it's parts wear, files and programs accumulate, and its performance can decrease. To restore your computer's performance to its best possible level, follow the steps in this page written by malware expert Miekiemoes.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I'll leave this thread open for a couple days in case you come across any lingering problems that need fixing, then I'll close it up. If you need it reopened for any reason just shoot me a PM. It's been a pleasure working with you, now best of luck!

Cheers,
Gammo :cool:
  • 0

#10
missmoody
Posted 23 August 2012 - 03:37 PM

missmoody

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Thank you very much for your help, Gammo - it's much appreciated.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP